Carry-Less to BIKE Faster

Abstract

Recent advances in the development of quantum computers manifest the urge to initiate the transition from classic public key cryptography to quantum secure algorithms. Therefore, NIST has initiated a post-quantum cryptography standardization process which is currently in its third and final round. One of the Key Encapsulation Mechanism (KEM) candidates is BIKE. In this paper we optimize the algorithm to achieve new speed-records for constant-time implementations of BIKE with parameter set bikel1 on two different embedded architectures. For the ARM Cortex-M4 we leverage the performance benefit of bit-polynomial multiplication in radix-16 to outperform existing implementations. We explore different algorithmic approaches on the RISC-V-based VexRiscv platform and implement parts of the standard RISC-V Bitmanip Extension to measure its impact on BIKE. Our results indicate boundaries and trade-offs between different approaches for bit-polynomial multiplication beyond the BIKE use-case.