Paper 2021/1458
QC-MDPC codes DFR and the IND-CCA security of BIKE
Valentin Vasseur
Abstract
The aim of this document is to clarify the DFR (Decoding Failure Rate) claims made for BIKE, a third round alternate candidate KEM (Key Encapsulation Mechanism) to the NIST call for post-quantum cryptography standardization. For the most part, the material presented here is not new; it is extracted from the relevant scientific literature, in particular [V21].
Even though a negligible DFR is not needed for a KEM using ephemeral keys (e.g. TLS) which only requires IND-CPA security, it seems that IND-CCA security, relevant for reusable/static keys, has become a requirement. Therefore, a negligible DFR is needed both for the security reduction [FO99, HHK17] and to thwart existing attacks [GJS16].
Proving a DFR lower than
Metadata
- Available format(s)
- PDF
- Category
- Public-key cryptography
- Publication info
- Preprint. MINOR revision.
- Keywords
- code-based cryptography, QC-MDPC codes, BIKE, bit-flipping algorithm, weak keys, error floor
- Contact author(s)
- valentin vasseur @ inria fr
- History
- 2021-11-06: received
- Short URL
- https://ia.cr/2021/1458
- License
- CC BY
BibTeX
@misc{cryptoeprint:2021/1458,
      author = {Valentin Vasseur},
      title = {{QC}-{MDPC} codes {DFR} and the {IND}-{CCA} security of {BIKE}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2021/1458},
      year = {2021},
      url = {https://eprint.iacr.org/2021/1458}
}