Paper 2019/909

A Practicable Timing Attack Against HQC and its Countermeasure

Guillaume Wafo-Tapa, Slim Bettaieb, Loic Bidoux, Philippe Gaborit, and Etienne Marcatel


In this paper, we present a practicable chosen ciphertext timing attack retrieving the secret key of HQC. The attack exploits a correlation between the weight of the error to be decoded and the running time of the decoding algorithm of BCH codes. For the 128-bit security parameters of HQC, the attack runs in less than a minute on a desktop computer using 5441 decoding requests and has a success probability of approximately 93 percent. To prevent this attack, we propose a constant time algorithm for the decoding of BCH codes. Our implementation of the countermeasure achieves a constant time execution of the decoding process without a significant performance penalty.

Available format(s)
Public-key cryptography
Publication info
Preprint. Minor revision.
HQCBCH decodingTiming attackConstant time implementation.
Contact author(s)
kyzdra @ yahoo fr
slim bettaieb @ worldline com
loic bidoux @ worldline com
gaborit @ unilim fr
etienne marcatel @ atos net
2019-09-23: revised
2019-08-08: received
See all versions
Short URL
Creative Commons Attribution


      author = {Guillaume Wafo-Tapa and Slim Bettaieb and Loic Bidoux and Philippe Gaborit and Etienne Marcatel},
      title = {A Practicable Timing Attack Against HQC and its Countermeasure},
      howpublished = {Cryptology ePrint Archive, Paper 2019/909},
      year = {2019},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.