Weak-Key Analysis for BIKE Post-Quantum Key Encapsulation Mechanism

TL;DR

This paper investigates the impact of weak keys on the security of the BIKE post-quantum cryptographic scheme, demonstrating potential vulnerabilities and proposing a key-check algorithm to mitigate weak-key risks.

Contribution

It provides the first extensive experimental analysis of weak-keys in BIKE and introduces a key-check algorithm to enhance security against weak-key attacks.

Findings

Weak-keys can significantly threaten BIKE's IND-CCA security.

Implementation shows the prevalence of weak-keys in BIKE.

Proposed key-check algorithm can effectively identify and prevent weak-keys.

Abstract

The evolution of quantum computers poses a serious threat to contemporary public-key encryption (PKE) schemes. To address this impending issue, the National Institute of Standards and Technology (NIST) is currently undertaking the Post-Quantum Cryptography (PQC) standardization project intending to evaluate and subsequently standardize the suitable PQC scheme(s). One such attractive approach, called Bit Flipping Key Encapsulation (BIKE), has made to the final round of the competition. Despite having some attractive features, the IND-CCA security of the BIKE depends on the average decoder failure rate (DFR), a higher value of which can facilitate a particular type of side-channel attack. Although the BIKE adopts a Black-Grey-Flip (BGF) decoder that offers a negligible DFR, the effect of weak-keys on the average DFR has not been fully investigated. Therefore, in this paper, we first perform an implementation of the BIKE scheme, and then through extensive experiments show that the weak-keys can be a potential threat to IND-CCA security of the BIKE scheme and thus need attention from the research community prior to standardization. We also propose a key-check algorithm that can potentially supplement the BIKE mechanism and prevent users from generating and adopting weak keys to address this issue.