Generating a Random String with a Fixed Weight

  • Nir DruckerEmail author
  • Shay Gueron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11527)


Generating, uniformly at random, a binary or a ternary string with a fixed length \(L\) and a prescribed weight W, is a step in several quantum safe cryptosystems (e. g., BIKE, NTRUEncrypt, NTRU LPrime, Lizard, McEliece).

This fixed weight vector selection generation is often implemented via a shuffling method or a rejection method, but not always in “constant time” side channel protected flow. A recently suggested constant time algorithm for this problem, uses Network Sorting and turns out to be quite efficient. This paper proposes a new method for this computation, with a side channel protected implementation. We compare it to the other methods for different combinations of \(L\) and W values. Our method turns out to be the fastest approach for the cases where \(L\) is (relatively) short and \(0.1 < W/L\le 0.5\). For example, this range falls within the parameters of NTRU LPrime, where our method achieves a \(3\times \) speedup in the string generation. This leads to an overall \(1.14 \times \) speedup for the NTRU LPrime key generation.


Software optimization Combinatorics Post Quantum Cryptography Coding 



We thank an anonymous reviewer for the comment that led to Algorithm 6. This research was supported by: The Israel Science Foundation (grant No. 1018/ 16); The BIU Center for Research in Applied Cryptography and Cyber Security, in conjunction with the Israel National Cyber Bureau in the Prime Minister’s Office; the Center for Cyber Law & Policy at the University of Haifa in conjunction with the Israel National Cyber Directorate in the Prime Minister’s Office.

Supplementary material


  1. 1.
  2. 2.
    NIST Post Quantum Cryptography - Round 1 Submissions (2018).
  3. 3.
    Alagic, G., et al.: Status report on the first round of the NIST post-quantum cryptography standardization process. Technical report (2019).
  4. 4.
    Aragon, N., et al.: BIKE: bit flipping key encapsulation (2017),
  5. 5.
    Bernstein, D.J.: djbsort (2018).
  6. 6.
    Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU prime: reducing attack surface at low cost. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 235–260. Springer, Cham (2018). Scholar
  7. 7.
    Bernstein, D.J., Lange, T.: eBACS: ECRYPT Benchmarking of Cryptographic Systems, December 2018.
  8. 8.
    Drucker, N., Gueron, S.: A toolbox for software optimization of QC-MDPC code-based cryptosystems. Cryptology ePrint Archive, Report 2017/1251 (2017).
  9. 9.
    Drucker, N., Gueron, S., Krasnov, V.: Making AES great again: the forthcoming vectorized AES instruction. Cryptology ePrint Archive, Report 2018/392 (2018).
  10. 10.
    Durstenfeld, R.: Algorithm 235: random permutation. Commun. ACM 7(7), 420 (1964)CrossRefGoogle Scholar
  11. 11.
    Fisher, R.A., Yates, F., et al.: Statistical tables for biological, agricultural and medical research. In: Statistical Tables for Biological, Agricultural and Medical Research, 3 edn. (1949)Google Scholar
  12. 12.
    Hoffstein, J., Howgrave-Graham, N., Pipher, J., Whyte, W.: Practical lattice-based cryptography: NTRUEncrypt and NTRUSign. In: Nguyen, P., Vallée, B. (eds.) The LLL Algorithm. Information Security and Cryptography, pp. 349–390. Springer, Heidelberg (2009). Scholar
  13. 13.
    Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) Algorithmic Number Theory, pp. 267–288. Springer, Berlin Heidelberg, Berlin, Heidelberg (1998). Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.University of HaifaHaifaIsrael
  2. 2.AmazonSeattleUSA

Personalised recommendations