McBits: fast constant-time code-based cryptography

D.J. Bernstein, T. Chou, P. Schwabe

Research output: Book/Report › Report › Academic


This paper presents extremely fast algorithms for code-based public-key cryptography, including full protection against timing attacks. For example, at a 2^128 security level, this paper achieves a reciprocal decryption throughput of just 60493 cycles (plus cipher cost etc.) on a single Ivy Bridge core. These algorithms rely on an additive FFT for fast root computation, a transposed additive FFT for fast syndrome computation, and a sorting network to avoid cache-timing attacks.

Keywords: McEliece, Niederreiter, CFS, bitslicing, software implementation

Original language: English
Number of pages: 26
Publication status: Published - 2015

Publication series

Name: Cryptology ePrint Archive


    Bernstein, D. J., Chou, T., & Schwabe, P. (2015). McBits: fast constant-time code-based cryptography. (Cryptology ePrint Archive; Vol. 2015/610). IACR.