Preventing potential backdoors in BIKE algorithm

Year, pages: 2019, 179 - 193

BIKE suite of algorithms is one of the candidates in NIST call for public-key post-quantum cryptographic algorithms. It is a key-encapsulation mechanism based on QC-MDPC codes with purely ephemeral keys. The security device implementing such an algorithm therefore needs to generate multiple key pairs in its lifetime very efficiently. In our paper we explore the situation where BigBrother-type adversary can subtly corrupt the vendor(s) of the security devices (e.g., by altering the standard algorithms). In our model, BigBrother cannot preload the keys or synchronize the key generator by a covert channel, but is able to learn the secrets of security devices by observing the public execution of the KEM protocols. BigBrother typically obtains the secret through the usage of (masked) weak keys. However, we can also imagine other covert channels embedded into the ephemeral public keys by some unknown algorithm. To prevent these classes of attacks, we propose that the standard should explicitly specify a verifiable algorithm to transform the required key randomness into a set of keys.

Špaček, P., Zajac, P. 2019. Preventing potential backdoors in BIKE algorithm. In Tatra Mountains Mathematical Publications, vol. 73, no.1, pp. 179-193. 1210-3195. DOI: https://doi.org/10.2478/tmmp-2019-0013

Špaček, P., Zajac, P. (2019). Preventing potential backdoors in BIKE algorithm. Tatra Mountains Mathematical Publications, 73(1), 179-193. 1210-3195. DOI: https://doi.org/10.2478/tmmp-2019-0013

Publisher: Mathematical Institute, Slovak Academy of Sciences, Bratislava

© 2019 Mathematical Institute, Slovak Academy of Sciences. Licensed under the Creative Commons Attribution-NC-ND 4.0 International Public License.