06/03/2020:

In this update, we have fixed a few bugs in the Reference Implementation that were making our reference code inconsistent with the BIKE spec document v4.0 published at bikesuite.org on 05/03/2020 (spec available at: https://bikesuite.org/files/v4.0/BIKE_Spec.2020.05.03.1.pdf). 

These changes impact on the KATs which have been regenerated and made available at: https://bikesuite.org/files/v4.0/KAT.2020.06.03.1.zip.

The fixes can be summarized as follows:

- kem.c: 
-- line 55: in functionH, we have removed the procedure that used "m" to generate a seed, and instead "m" is now used as the seed itself. In other words, the previous code had an unnecessary procedure that was removed.
-- line 80: in functionL, the input to sha384 is now formatted as two R_SIZE byte arrays representing e0 and e1, instead of a single buffer of size N_SIZE. This ensures a consistent padding approach for consuming the error vector in function L.
-- line 221: in crypto_kem_enc, we have changed message "m" to be the first seed, instead of processing the seed through a PRNG to generate m. In other words, the previous code had an unnecessary procedure that was removed.
-- line 293: the backup error vector used in case of decoding failure during decapsulation was being considered as a buffer of n bytes, while it should be ceil(n/8) bytes.
- defs.h: line 68: the number of iterations for the BGF decoder algorithm for security level 1 was wrongly assigned as 7 in the previous version, while it should be 5 as listed in the spec. This was requiring from the implementation 2 additional iterations whilst 5 were enough.
- decode.c: line 176: the buffer 'mask' should be checked at position R_BITS+j, instead of position j. This ensures a consistent implementation of BGF with respect to Algorithm 1 of the spec.
- types.h: line 167: removed the third seed from structure double_seed_t because we need only 2 seeds for the protocol.