Paper 2023/102

Cache-timing attack against HQC

Senyang Huang, Lund University
Rui Qi Sim, University of Adelaide
Chitchanok Chuengsatiansup, University of Melbourne
Qian Guo, Lund University
Thomas Johansson, Lund University

In this paper, we present the first chosen-ciphertext (CC) cache-timing attacks on the reference implementation of HQC. We build a cache-timing based distinguisher for implementing a plaintext-checking (PC) oracle. The PC oracle uses side-channel information to check if a given ciphertext decrypts to a given message. This is done by identifying a vulnerability during the generating process of two vectors in the reference implementation of HQC. We also propose a new method of using PC oracles for chosen-ciphertext side-channel attacks against HQC, which may have independent interest. We show a general proof-of-concept attack, where we use the Flush&Reload technique and also derive, in more detail, a practical attack on an HQC execution on Intel SGX, where the Prime&Probe technique is used. We show the exact path to do key recovery by explaining the detailed steps, using the PC oracle. In both scenarios, the new attack requires $53,857$ traces on average with much fewer PC oracle calls than the timing attack of Guo et al. CHES 2022 on an HQC implementation.

Available format(s)
Attacks and cryptanalysis
Publication info
Side-channel attacksCode-based cryptographyNIST PQC standardizationHQC
Contact author(s)
senyang huang @ eit lth se
c chuengsatiansup @ unimelb edu au
qian guo @ eit lth se
2023-04-14: last of 2 revisions
2023-01-27: received
See all versions
Short URL
Creative Commons Attribution


      author = {Senyang Huang and Rui Qi Sim and Chitchanok Chuengsatiansup and Qian Guo and Thomas Johansson},
      title = {Cache-timing attack against {HQC}},
      howpublished = {Cryptology ePrint Archive, Paper 2023/102},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.