Cryptology ePrint Archive: Report 2019/909

A Practicable Timing Attack Against HQC and its Countermeasure

Guillaume Wafo-Tapa and Slim Bettaieb and Loic Bidoux and Philippe Gaborit and Etienne Marcatel

Abstract: In this paper, we present a practicable chosen ciphertext timing attack retrieving the secret key of HQC. The attack exploits a correlation between the weight of the error to be decoded and the running time of the decoding algorithm of BCH codes. For the 128-bit security parameters of HQC, the attack runs in less than a minute on a desktop computer using 5441 decoding requests and has a success probability of approximately 93 percent. To prevent this attack, we propose a constant time algorithm for the decoding of BCH codes. Our implementation of the countermeasure achieves a constant time execution of the decoding process without a significant performance penalty.

Category / Keywords: public-key cryptography / HQC, BCH decoding, Timing attack, Constant time implementation.

Date: received 7 Aug 2019, last revised 23 Sep 2019

Contact author: kyzdra at yahoo fr,slim bettaieb@worldline com,loic bidoux@worldline com,gaborit@unilim fr,etienne marcatel@atos net

Available format(s): PDF | BibTeX Citation

Version: 20190923:151352 (All versions of this report)

Short URL: ia.cr/2019/909


[ Cryptology ePrint archive ]