Description
I have integrated BIKE into the leancrypto library [1]. The implementation works and complies with the BIKE-1 through 3 round 4 vectors. The implementations are provided for both user space as well as Linux kernel space integrated with the Linux crypto KPP API.
That said, during the porting, I identified some questions. I would be grateful if I could discuss them with you.

- Can you please help me understand why you ALIGN(sizeof(idx_t)) of aligned_sk_t considering that sk_t is already aligned to idx_t due to compressed_idx_d_t including an array of uint32_t integers?
- it seems that compute_syndrome could be made static
- it seems that sample_indicates_fisher_yates could be made static
- it seems that sample_uniform_r_bits_with_fixed_prf_context is not used
- it seems that generated_indices_mod_z could be made static
- Functions K and L: the specification says that the least significant bits of the digest should be used. But seemingly the code uses the most significant bits. I see no cryptographic difference, but I am wondering regarding the consistency with the specification.
- Functions K and L: This code here uses SHA3-384 (i.e. FIPS 202). But the specification seems to refer to SHA-384 (FIPS 180). Could you please help me understand what I am misunderstanding here? Do not get me wrong, I am happy to use SHA-3 considering that already SHAKE is in use and thus we only have one primitive we base on instead of two.
- bit_scan_reverse_vartime does not exist -> DUNIFORM_SAMPLING=1 does not seem to compile

After now implementing C and acceleration support, I got these performance numbers on my laptop with AVX2 support. Note, the test performs 200 BIKE keygen/enc/dec rounds. The figures for Kyber are for 50.000 keygen/enc/dec rounds. You can obtain these values on your system by compiling leancrypto and invoking meson test -C build
BIKE 5 KEM 200 AVX2 1.37s
BIKE 5 KEM 200 C 39.79s
BIKE 3 KEM 200 AVX2 0.51s
BIKE 3 KEM 200 C 15.57s
BIKE 1 KEM 200 AVX2 0.16s
BIKE 1 KEM 200 C 5.03s
Kyber 1024 KEM AVX2 50000 2.46s
Kyber 1024 KEM C 50000 8.31s
Kyber 768 KEM AVX2 50000 1.85s
Kyber 768 KEM C 50000 5.25s
Kyber 512 KEM C 50000 3.33s
Thanks a lot
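
A compile-time check for the alignment question in the first item, as an added example that is not code from the BIKE implementation or from leancrypto. The structs are hypothetical stand-ins (field layout, `D` and the packed variant are assumptions, and the attributes are GCC/Clang specific); it shows that an explicit alignment request is redundant for an ordinary struct holding `uint32_t` arrays and only changes anything when the struct is packed, which the post does not state either way.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the types named in the issue. The field
 * layout, D and the packed variant are assumptions for illustration. */
#define D 71
typedef uint32_t idx_t;
typedef struct { idx_t val[D]; } compressed_idx_d_t;

/* Case 1: ordinary struct. The uint32_t array inside compressed_idx_d_t
 * already forces the alignment of idx_t on the whole struct. */
typedef struct {
    compressed_idx_d_t wlist[2];
    uint8_t            sigma[32];
} sk_natural_t;

/* Case 2: same fields, packed. Packing lowers the required alignment
 * to 1, so an instance may start at any address and idx_t loads
 * through it can be misaligned on strict-alignment targets. */
typedef struct __attribute__((packed)) {
    compressed_idx_d_t wlist[2];
    uint8_t            sigma[32];
} sk_packed_t;

/* Explicit alignment request on a typedef, the pattern asked about. */
typedef sk_natural_t aligned_natural_t __attribute__((aligned(sizeof(idx_t))));
typedef sk_packed_t  aligned_packed_t  __attribute__((aligned(sizeof(idx_t))));

size_t align_natural(void)         { return _Alignof(sk_natural_t); }
size_t align_natural_wrapped(void) { return _Alignof(aligned_natural_t); }
size_t align_packed(void)          { return _Alignof(sk_packed_t); }
size_t align_packed_wrapped(void)  { return _Alignof(aligned_packed_t); }

/* 1 when the explicit request changes nothing, 0 when it is load-bearing. */
int request_is_redundant(size_t plain, size_t wrapped) { return plain == wrapped; }

int main(void)
{
    printf("natural: %zu -> %zu (redundant=%d)\n",
           align_natural(), align_natural_wrapped(),
           request_is_redundant(align_natural(), align_natural_wrapped()));
    printf("packed:  %zu -> %zu (redundant=%d)\n",
           align_packed(), align_packed_wrapped(),
           request_is_redundant(align_packed(), align_packed_wrapped()));
    return 0;
}
```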