libmceliece is based on the official Classic McEliece software, which was written by Tung Chou. See the following papers for the major algorithms used for speed inside that software:
- Daniel J. Bernstein, Tung Chou, Peter Schwabe. "McBits: fast constant-time code-based cryptography." CHES 2013. https://tungchou.github.io/papers/mcbits.pdf
- Tung Chou. "McBits revisited." CHES 2017. https://tungchou.github.io/papers/mcbits_revisited.pdf

The official Classic McEliece software includes ref, vec, sse, and avx implementations; libmceliece includes only vec and avx.

The following components of libmceliece are from Daniel J. Bernstein:
- Small changes for namespacing, portability, etc.
- Software to compute control bits (also used in the official software). See the following paper: Daniel J. Bernstein. "Verified fast formulas for control bits for permutation networks." 2020. https://cr.yp.to/papers.html#controlbits
- crypto_sort/int32. See https://sorting.cr.yp.to.
- Infrastructure to build a library with automatic run-time selection of implementations based on the run-time CPU and a database of benchmarks. This infrastructure was introduced in lib25519, with some extensions and adaptations in libmceliece.
- Various software for tests and benchmarks. This is based on public-domain code in the SUPERCOP benchmarking framework.

The underlying crypto_xof/shake256 software currently includes two SHAKE256 implementations. The tweet implementation is based on https://twitter.com/tweetfips202 by Daniel J. Bernstein, Peter Schwabe, and Gilles Van Assche. The unrollround implementation is from Daniel J. Bernstein.

Version: This is version 2023.02.18 of the "People" web page.