Abstract
The Hamming Quasi-Cyclic (HQC) proposal is a promising candidate in the second round of the NIST Post-Quantum Cryptography Standardization project. It features small public key sizes, precise estimation of its decryption failure rates and contrary to most of the code-based systems, its security does not rely on hiding the structure of an error-correcting code. In this paper, we propose the first power side-channel attack on the Key Encapsulation Mechanism (KEM) version of HQC. Our attack utilizes a power side-channel to build an oracle that outputs whether the BCH decoder in HQC’s decryption algorithm corrects an error for a chosen ciphertext. Based on the decoding algorithm applied in HQC, it is shown how to design queries such that the output of the oracle allows to retrieve a large part of the secret key. The remaining part of the key can then be determined by an algorithm based on linear algebra. It is shown in experiments that less than 10000 measurements are sufficient to successfully mount the attack on the HQC reference implementation running on an ARM Cortex-M4 microcontroller.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
This follows from the fact that the BCH code has a minimum distance larger than 1.
- 2.
This condition is fulfilled for HQC-128, HQC-192 and HQC-256. In case of an HQC instance with \(4\not \mid (n_2+1)\), the algorithm works similarly but the patterns need to be slightly modified.
- 3.
The variable \(n\,-\,n_1n_2\) is equal to 123, 3 and 7 for HQC-128, HQC-192 and HQC-256, respectively.
References
Baan, H., et al.: NIST Post-Quantum Cryptography Standardization Round 2 Submission: Round5. https://round5.org
Bernstein, D.J., Chou, T., Schwabe, P.: McBits: fast constant-time code-based cryptography. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 250–272. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40349-1_15
Goodwill, G., Jun, B., Jaffe, J., Rohatgi, P.: A testing methodology for side-channel resistance validation. In: NIST Non-Invasive Attack Testing Workshop, vol. 7, pp. 115–136 (2011)
Hofheinz, D., Hövelmanns, K., Kiltz, E.: A modular analysis of the Fujisaki-Okamoto transformation. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 341–371. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_12
Huguenin-Dumittan, L., Vaudenay, S.: Classical Misuse Attacks on NIST Round 2 PQC: The Power of Rank-Based Schemes. Cryptology ePrint Archive, Report 2020/409 (2020). https://eprint.iacr.org/2020/409
Lu, X., et al.: NIST Post-Quantum Cryptography Standardization Round 2 Submission: LAC: Lattice-based Cryptosystems. https://csrc.nist.gov/Projects/post-quantum-cryptography/round-2-submissions
Melchor, C.A., et al.: NIST Post-Quantum Cryptography Standardization Round 2 Submission: Hamming Quasi-Cyclic (HQC). http://pqc-hqc.org/
National Institute of Standards and Technology (NIST), U.S. Department of Commerce: Post-quantum cryptography standardization (2017)
Paiva, T.B., Terada, R.: A timing attack on the HQC encryption scheme. In: Paterson, K.G., Stebila, D. (eds.) SAC 2019. LNCS, vol. 11959, pp. 551–573. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-38471-5_22
Prange, E.: The use of information sets in decoding cyclic codes. IEEE Trans. Inf. Theory 8(5), 5–9 (1962)
Ravi, P., Roy, S.S., Chattopadhyay, A., Bhasin, S.: Generic Side-channel attacks on CCA-secure lattice-based PKE and KEM schemes. Cryptology ePrint Archive, Report 2019/948 (2019). https://eprint.iacr.org/2019/948
Wafo-Tapa, G., Bettaieb, S., Bidoux, L., Gaborit, P., Marcatel, E.: A Practicable Timing Attack Against HQC and its Countermeasure. Cryptology ePrint Archive, Report 2019/909 (2019). https://eprint.iacr.org/2019/909
Acknowledgment
This work was supported by the German Research Foundation (DFG) under grant number SE2989/1-1 and by the European Research Council (ERC) under the European Union’s Horizon 2020 research and innovation programme (grant agreement No 801434).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Schamberger, T., Renner, J., Sigl, G., Wachter-Zeh, A. (2021). A Power Side-Channel Attack on the CCA2-Secure HQC KEM. In: Liardet, PY., Mentens, N. (eds) Smart Card Research and Advanced Applications. CARDIS 2020. Lecture Notes in Computer Science(), vol 12609. Springer, Cham. https://doi.org/10.1007/978-3-030-68487-7_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-68487-7_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-68486-0
Online ISBN: 978-3-030-68487-7
eBook Packages: Computer ScienceComputer Science (R0)