Efficient Microcontroller Implementation of BIKE

  • Mario Bischof
  • Tobias OderEmail author
  • Tim Güneysu
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12001)


In the digital world, public-key cryptography is ubiquitous. Current public-key crypto schemes like RSA or Diffie-Hellmann are in widespread use and they represent an indispensable asset of our technological toolbox. However, the discovery of Shor’s algorithm and the rapid progression in the field of quantum computers became a painful reminder of our alerting dependency on such technologies. At the same time, this realization started a demand for new cryptographic algorithms withstanding the power of quantum computers. The National Institute of Standards and Technology (NIST) aimed to satisfy this urge by initiating a standardization process in 2017 with a call for proposals of post-quantum key exchange mechanisms and signature algorithms. One of the submissions that made it to the second round is the key encapsulation mechanism BIKE.

This work investigates various techniques to achieve an efficient and secure implementation of BIKE on embedded devices. We show that it is possible for BIKE to run on a Cortex-M4 microcontroller using reduced data representation and adequate decoding algorithms. Our implementation achieves a performance of 6 million cycles for key generation, 7 million cycles for encapsulation, and 89 million cycles for decapsulation for BIKE-1.


Post-quantum cryptography Code-based cryptography BIKE KEM Microcontroller Timing attacks Cortex-M4 



This work was supported in part through DFG Excellence Strategy grant 39078197 (EXC 2092, CASA), and by the Federal Ministry of Education and Research of Germany through the QuantumRISC project (16KIS1038).

Supplementary material


  1. 1.
    Aguilar-Melchor, C., et al.: Hamming Quasi-Cyclic (HQC), November 2017. Submission to the NIST post quantum standardization process (2017)Google Scholar
  2. 2.
    Aragon, N., et al.: Bike: Bit Flipping Key Encapsulation (2018). Accessed 18 Nov 2019
  3. 3.
    Bernstein, D.J., et al.: Classic McEliece: conservative code-based cryptography (2017). Submission to the NIST post quantum standardization process (2017)Google Scholar
  4. 4.
    Brent, R.P., Gaudry, P., Thomé, E., Zimmermann, P.: Faster multiplication in GF(2)[x]. In: van der Poorten, A.J., Stein, A. (eds.) ANTS 2008. LNCS, vol. 5011, pp. 153–166. Springer, Heidelberg (2008). Scholar
  5. 5.
    Brent, R.P., Gaudry, P., Thomé, E., Zimmermann, P.: InriaForge: gf2x: Project home (2018). Accessed 18 Nov 2019
  6. 6.
    Gallager, R.G.: Low-density parity-check codes. IRE Trans. Inf. Theory 8(1), 21–28 (1962)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Gay, O.: Fast software implementation in C of the FIPS 180–2 hash algorithms SHA-224, SHA-256, SHA-384 and SHA-512 (2018). Accessed 18 Nov 2019
  8. 8.
    McEliece, R.J.: A public-key cryptosystem based on algebraic coding theory. JPL DSN Progress Report 44 (1978)Google Scholar
  9. 9.
    Kannwischer, M.J., Rijneveld, J., Schwabe, P., Stoffelen, K.: pqm4: testing and benchmarking NIST PQC on ARM Cortex-M4. Cryptology ePrint Archive, Report 2019/844 (2019).
  10. 10.
    kokke. Small portable AES128/192/256 in C (2018). Accessed 18 Nov 2019
  11. 11.
    Montgomery, P.L.: Five, six, and seven-term Karatsuba-like formulae. IEEE Trans. Comput. 54(3), 362–369 (2005)CrossRefGoogle Scholar
  12. 12.
    Moody, D.: The ship has sailed: the NIST post-quantum cryptography “competition”. In: Invited talk at ASIACRYPT 2017, Hongkong (2017)Google Scholar
  13. 13.
    Moody, D.: Round 2 of NIST PQC competition. Invited talk at PQCrypto 2019, Chongqing, China (2019)Google Scholar
  14. 14.
    Moses, T.: Quantum Computing and Cryptography - Their impact on cryptographic practice. Technical report, Entrust, Inc. (2009).
  15. 15.
    Niederreiter, H.: Knapsack type cryptosystems and algebraic coding theory. Prob. Control Inf. Theory 15(2), 159–166 (1986)MathSciNetzbMATHGoogle Scholar
  16. 16.
    NIST. Post-Quantum Cryptography: NIST’s Plan for the Future. Technical report, NIST (2016).
  17. 17.
    NIST. Call for Proposals - Post-Quantum Cryptography—CSRC. Technical report, NIST (2017).
  18. 18.
    NIST. Post-Quantum Cryptography - Workshops and Timeline. Technical report, NIST (2017).
  19. 19.
    NIST. PQC Standardization Process: Second Round Candidate Announcement. Technical report, NIST (2019).
  20. 20.
    NIST. Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process. Technical report, NIST (2019).
  21. 21.
    Ouzan, S., Be’ery, Y.: Moderate-density parity-check codes. CoRR, abs/0911.3262 (2009)Google Scholar
  22. 22.
    Schwabe, P., Stoffelen, K.: All the AES you need on Cortex-M3 and M4. In: Avanzi, R., Heys, H. (eds.) SAC 2016. LNCS, vol. 10532, pp. 180–194. Springer, Cham (2017). Scholar
  23. 23.
    Shor, P.: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. Technical report, AT&T Research (1996).
  24. 24.
    Shoup, V.: NTL: A library for doing number theory (2018). Accessed 18 Nov 2019
  25. 25.
    Stehlé, D., Zimmermann, P.: A binary recursive Gcd algorithm. In: Buell, D. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 411–425. Springer, Heidelberg (2004). Scholar
  26. 26.
    von Maurich, I.: Efficient implementation of code- and hash-based cryptography. Ph.D. thesis, Ruhr University Bochum, Germany (2017)Google Scholar
  27. 27.
    von Maurich, I., Güneysu, T.: Lightweight code-based cryptography: QC-MDPC McEliece encryption on reconfigurable devices. In: Design, Automation & Test in Europe Conference & Exhibition, DATE 2014, Dresden, Germany, 24–28 March 2014, pp. 1–6 (2014)Google Scholar
  28. 28.
    von Maurich, I., Güneysu, T.: Towards side-channel resistant implementations of QC-MDPC McEliece encryption on constrained devices. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 266–282. Springer, Cham (2014). Scholar
  29. 29.
    von Maurich, I., Oder, T., Güneysu, T.: Implementing QC-MDPC McEliece encryption. ACM Trans. Embedded Comput. Syst. 14(3), 44:1–44:27 (2015)CrossRefGoogle Scholar
  30. 30.
    Weimerskirch, A., Paar, C.: Generalizations of the Karatsuba algorithm for efficient implementations. IACR Cryptology ePrint Archive, 2006:224 (2006)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Swiss Distance University of Applied Sciences (FFHS) BrigBrigSwitzerland
  2. 2.Horst Görtz Institute for IT SecurityRuhr-Universität BochumBochumGermany
  3. 3.DFKIBremenGermany

Personalised recommendations