Paper 2023/1626

Et tu, Brute? SCA Assisted CCA using Valid Ciphertexts - A Case Study on HQC KEM

Thales Paiva, Fundep and CASNAV, Brazil
Prasanna Ravi, Temasek Labs@NTU, Singapore
Dirmanto Jap, Temasek Labs@NTU, Singapore
Shivam Bhasin, Temasek Labs@NTU, Singapore

HQC is a code-based key encapsulation mechanism (KEM) that was selected to move to the fourth round of the NIST post-quantum standardization process. While this scheme was previously targeted by side-channel assisted chosen-ciphertext attacks for key recovery, all these attacks have relied on malformed ciphertexts for key recovery. Thus, all these attacks can be easily prevented by deploying a detection-based countermeasure for invalid ciphertexts and refreshing the secret key upon detection of an invalid ciphertext. This prevents further exposure of the secret key to the attacker and thus serves as an attractive option for protection against prior attacks. In this work, we present a critical analysis of the detection-based countermeasure, and present the first side-channel based chosen-ciphertext attack that utilizes only valid ciphertexts for key recovery, thereby defeating the detection-based countermeasure. We propose novel attacks exploiting leakage from the ExpandAndSum and FindPeaks operations within the Reed-Muller decoder for full key recovery with 100% success rate. We show that our attacks are quite robust to noise in the side-channel measurements, and we also present novel extensions of our attack to the shuffling countermeasure on both the ExpandAndSum and FindPeaks operations, which renders the shuffling countermeasure ineffective. Our work therefore shows that low-cost detection-based countermeasures can be rendered ineffective and cannot offer standalone protection against CC-based side-channel attacks. Thus, our work encourages more study towards the development of new low-cost countermeasures against CC-based side-channel attacks.

Category: Attacks and cryptanalysis
Keywords: Code-based cryptography, Electromagnetic Side-Channel Attack, HQC, Key Encapsulation Mechanism, Chosen Ciphertext Attack
Contact author(s):
thalespaiva @ gmail com
prasanna ravi @ ntu edu sg
djap @ ntu edu sg
sbhasin @ ntu edu sg
History:
2024-04-18: revised
2023-10-19: received
License: Creative Commons Attribution


      author = {Thales Paiva and Prasanna Ravi and Dirmanto Jap and Shivam Bhasin},
      title = {Et tu, Brute? SCA Assisted CCA using Valid Ciphertexts - A Case Study on HQC KEM},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1626},
      year = {2023},
      note = {\url{}},
      url = {}