
Porting of the library

Open smuellerDD opened this issue 5 months ago • 0 comments

I have integrated BIKE into the leancrypto library [1]. The implementation works and complies with the BIKE-1 through 3 round 4 vectors. The implementations are provided for both user space as well as Linux kernel space integrated with the Linux crypto KPP API.

That said, during the porting, I identified some questions. I would be grateful if I could discuss them with you.

  • Can you please help me understand why you use ALIGN(sizeof(idx_t)) for aligned_sk_t, considering that sk_t is already aligned to idx_t due to compressed_idx_d_t including an array of uint32_t integers?

  • it seems that compute_syndrome could be made static

  • it seems that sample_indicates_fisher_yates could be made static

  • it seems that sample_uniform_r_bits_with_fixed_prf_context is not used

  • it seems that generated_indices_mod_z could be made static

  • Functions K and L: the specification says that the least significant bits of the digest should be used. But seemingly the code uses the most significant bits. I see no cryptographic difference, but I am wondering regarding the consistency with the specification.

  • Functions K and L: This code here uses SHA3-384 (i.e. FIPS 202). But the specification seems to refer to SHA-384 (FIPS 180). Could you please help me see what I am misunderstanding here? Do not get me wrong, I am happy to use SHA-3 considering that SHAKE is already in use and thus we only have one primitive we base on instead of two.

  • bit_scan_reverse_vartime does not exist -> DUNIFORM_SAMPLING=1 does not seem to compile

After now implementing C and acceleration support, I got these performance numbers on my laptop with AVX2 support. Note, the test performs 200 BIKE keygen/enc/dec rounds. The figures for Kyber are for 50.000 keygen/enc/dec rounds. You can obtain these values on your system by compiling leancrypto and invoking meson test -C build

BIKE 5 KEM 200 AVX2 1.37s
BIKE 5 KEM 200 C 39.79s
BIKE 3 KEM 200 AVX2 0.51s
BIKE 3 KEM 200 C 15.57s
BIKE 1 KEM 200 AVX2 0.16s
BIKE 1 KEM 200 C 5.03s

Kyber 1024 KEM AVX2 50000 2.46s
Kyber 1024 KEM C 50000 8.31s
Kyber 768 KEM AVX2 50000 1.85s
Kyber 768 KEM C 50000 5.25s
Kyber 512 KEM C 50000 3.33s

Thanks a lot

[1] https://github.com/smuellerDD/leancrypto

smuellerDD, Sep 09 '24 00:09