The decoding failure rate (DFR) of bit-flipping (BF) decoders for Moderate-Density Parity-Check (MDPC) codes is notoriously difficult to model and predict analytically. Method: This paper proposes BF-Max, a deterministic BF decoder that flips only the most unreliable bit per iteration and enforces a strict upper bound on the number of iterations. Contribution/Results: We present the first exact, analytically tractable DFR model for BF-type decoders—enabling rigorous, closed-form DFR prediction with significantly lower error than prior approaches and excellent agreement with simulations. The model facilitates principled, security-oriented parameter selection for MDPC-based cryptosystems. BF-Max retains the low computational complexity inherent to BF decoding while offering constant-time execution, minimal arithmetic overhead, and high hardware efficiency—making it particularly suitable for secure embedded and post-quantum cryptographic implementations.

The Bit-Flipping (BF) decoder, thanks to its very low computational complexity, is widely employed in post-quantum cryptographic schemes based on Moderate Density Parity Check codes in which, ultimately, decryption boils down to syndrome decoding. In such a setting, for security concerns, one must guarantee that the Decoding Failure Rate (DFR) is negligible. Such a condition, however, is very difficult to guarantee, because simulations are of little help and the decoder performance is difficult to model theoretically. In this paper, we introduce a new version of the BF decoder, that we call BF-Max, characterized by the fact that in each iteration only one bit (the least reliable) is flipped. When the number of iterations is equal to the number of errors to be corrected, we are able to develop a theoretical characterization of the DFR that tightly matches with numerical simulations. We also show how BF-Max can be implemented efficiently, achieving low complexity and making it inherently constant time. With our modeling, we are able to accurately predict values of DFR that are remarkably lower than those estimated by applying other approaches.