A Combinatorial Approach to Avoiding Weak Keys in the BIKE Cryptosystem

Gretchen L Matthews, Emily McMillon
2024-10-15
Abstract: Bit Flipping Key Encapsulation (BIKE) is a code-based cryptosystem being considered in Round 4 of the NIST Post-Quantum Cryptography Standardization process. It is based on quasi-cyclic moderate-density parity-check (QC-MDPC) codes paired with an iterative decoder. While (low-density) parity-check codes have been demonstrated to perform well in practice, their capabilities are governed by the code's graphical representation and the choice of decoder rather than the traditional code parameters, making it a challenge to determine the decoder failure rate (DFR). Moreover, decoding failures have been demonstrated to lead to attacks that recover the BIKE private key. In this paper, we consider structures leading to decoding failure for the iterative decoder used in BIKE. We demonstrate a strong relationship between weak keys and 4-cycles in the associated Tanner graph and harness it to describe the distance profile directly from the defining codeword. By exploiting the cycle structure of the graphs, we provide a new filter for the allowable keys in BIKE. These results apply to more general parity-check codes as well.
Information Theory
What problem does this paper attempt to address?
This paper attempts to address the issue of avoiding weak keys in the Bit Flipping Key Encapsulation (BIKE) cryptosystem. Specifically, the paper focuses on the structures that lead to iterative decoder failures and describes the distance distribution derived directly from these structures. The authors found a strong correlation between weak keys and 4-cycles in the Tanner graph and used this correlation to provide a new method for filtering permissible keys. These results are applicable not only to the BIKE cryptosystem but also to more general parity-check codes.

### Main Issues:

1. **Weak Key Problem**: In the BIKE cryptosystem, certain keys (referred to as weak keys) can cause decoding failures, which could potentially be exploited by attackers to recover the private key.
2. **Decoding Failure Rate (DFR)**: The decoding failure rate is an important security metric, but it is difficult to calculate accurately with existing methods and is typically estimated through extensive simulation experiments.

### Solutions:

- **4-Cycle Analysis**: The paper identifies structural features related to weak keys by analyzing 4-cycles in the Tanner graph.
- **Distance Distribution**: Introduces the concept of distance distribution, using these distributions to identify and filter weak keys.
- **New Filter**: Provides a new filter to screen out weak keys that may lead to decoding failures.

### Methodology:

- **Combinatorial Approach**: Utilizes combinatorial mathematics, particularly the counting of 4-cycles, to analyze the structure of weak keys.
- **Experimental Validation**: Validates the effectiveness of the new filter through experimental results.

### Application Scope:

- **BIKE Cryptosystem**: Primarily applied to the BIKE cryptosystem, but the method has a certain generality and can be extended to other cryptosystems based on parity-check codes.

### Contributions:

- **Theoretical Contribution**: Provides a new theoretical framework explaining the relationship between weak keys and 4-cycles.
- **Practical Contribution**: Proposes a practical filter that can effectively reduce the number of weak keys, enhancing the security of the system.

Through these methods, the paper offers new ideas and tools to improve the security and reliability of the BIKE cryptosystem.
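
The link between repeated distances in the defining vector and 4-cycles in the Tanner graph can be checked numerically. The Python sketch below is an added example, not code from the paper and not the filter the authors propose; the function names, the toy block length r = 13 and the supports are constructed for illustration, and it assumes an odd block length and a parity-check matrix made of circulant blocks placed side by side.

```python
from collections import Counter
from itertools import combinations
from math import comb


def distance_spectrum(support, r):
    """Multiplicity of each cyclic distance between pairs of 1-positions."""
    spec = Counter()
    for s, t in combinations(sorted(set(support)), 2):
        d = (t - s) % r
        spec[min(d, r - d)] += 1
    return spec


def four_cycles_from_spectrum(blocks, r):
    """4-cycles of H = [H_0 | H_1 | ...], each H_k an r x r circulant.

    Two rows whose indices are at cyclic distance d share sum_k mu_k(d)
    columns, and every pair of shared columns closes one 4-cycle. For odd r
    there are exactly r row pairs at each distance d = 1 .. (r - 1) / 2.
    """
    if r % 2 == 0:
        raise ValueError("this sketch assumes an odd block length")
    total = Counter()
    for support in blocks:
        total.update(distance_spectrum(support, r))
    return r * sum(comb(m, 2) for m in total.values())


def four_cycles_brute_force(blocks, r):
    """Same count taken directly from the rows of the parity-check matrix."""
    rows = [
        {(k, (s + i) % r) for k, support in enumerate(blocks) for s in support}
        for i in range(r)
    ]
    return sum(comb(len(a & b), 2) for a, b in combinations(rows, 2))


if __name__ == "__main__":
    R = 13                      # constructed toy block length
    SPREAD = {0, 1, 3, 9}       # every cyclic distance occurs once
    CLUSTERED = {0, 1, 2, 3}    # distances 1 and 2 repeat
    for name, blocks in [("spread", [SPREAD]), ("clustered", [CLUSTERED]),
                         ("both blocks", [SPREAD, CLUSTERED])]:
        print(name, dict(distance_spectrum(blocks[-1], R)),
              four_cycles_from_spectrum(blocks, R),
              four_cycles_brute_force(blocks, R))
```

A support in which every cyclic distance occurs at most once yields no 4-cycles inside its own block, while clustered 1-positions repeat distances and create them.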