Paper 2020/510
On the Applicability of the Fujisaki-Okamoto Transformation to the BIKE KEM
Nir Drucker, Shay Gueron, Dusan Kostic, and Edoardo Persichetti
Abstract
The QC-MDPC code-based KEM BIKE is one of the Round-2 candidates of the NIST PQC standardization project. Its specification document describes a version that is claimed to have IND-CCA security. The security proof uses the Fujisaki-Okamoto transformation and a decoder that targeted a Decoding Failure Rate (DFR) of $2^{-128}$ (for Level-1 security). However, there are several aspects that need to be amended in order for the IND-CCA proof to hold. The main issue is that using a decoder with DFR of $2^{-128}$ does not necessarily imply that the underlying PKE is $\delta$-correct with $\delta=2^{-128}$, as required. In this paper, we handle the necessary aspects in the definitions of the KEM to ensure the security claim is correct. In particular, we close the gap in the proof by defining the notion of a message-agnostic PKE for which decryption failures are independent of the encrypted message. We show that all the PKE underlying the BIKE versions are message-agnostic. This implies that BIKE with a decoder that has a sufficiently low DFR is also an IND-CCA KEM.
Metadata
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- BIKE, Post-Quantum Cryptography, NIST, QC-MDPC codes, Fujisaki-Okamoto
- Contact author(s)
- drucker nir @ gmail com
- shay gueron @ gmail com
- dusan kostic @ epfl ch
- epersichetti @ fau edu
- History
- 2020-05-05: received
- Short URL
- https://ia.cr/2020/510
- License
- CC BY
BibTeX
@misc{cryptoeprint:2020/510,
  author = {Nir Drucker and Shay Gueron and Dusan Kostic and Edoardo Persichetti},
  title = {On the Applicability of the Fujisaki-Okamoto Transformation to the {BIKE} {KEM}},
  howpublished = {Cryptology {ePrint} Archive, Paper 2020/510},
  year = {2020},
  url = {https://eprint.iacr.org/2020/510}
}