Paper 2023/1626

Et tu, Brute? SCA Assisted CCA using Valid Ciphertexts - A Case Study on HQC KEM

Thales Paiva, Fundep and CASNAV, Brazil
Prasanna Ravi, Temasek Labs@NTU, Singapore
Dirmanto Jap, Temasek Labs@NTU, Singapore
Shivam Bhasin, Temasek Labs@NTU, Singapore

HQC is a code-based key encapsulation mechanism (KEM) that was selected to move to the fourth round of the NIST post-quantum standardization process. While this scheme was previously targeted by side-channel assisted chosen-ciphertext attacks for key recovery, we notice that all of these attacks use malformed ciphertexts, which can be easily detected since they cause a decapsulation failure. In this case, designers may chose as a countermeasure to refresh the key whenever a failure occurs, making these previous attacks ineffective. In this work, we present the first side-channel assisted chosen-ciphertext attacks using valid ciphertexts which can be carried out in a stealthy manner for key recovery. Our attacks target side-channel leakage from two different operations within the Reed-Muller decoder used for decryption, and can recover the secret key with 100% success rate, even in the presence of errors in side-channel information. All our experiments are performed on the open-source implementation of HQC KEM taken from the pqm4 library, with our attacks validated using both the power and EM side-channel. We also demonstrate novel key recovery attacks which also work on shuffled implementations, and discuss applicability of our attack to masking countermeasures. To the best of our knowledge, we are not aware of a side-channel protected design for HQC KEM, and thus we believe our work stresses the need towards more research on secure and efficient masking and hiding countermeasures for HQC KEM.

Available format(s)
Attacks and cryptanalysis
Publication info
Code-based cryptographyElectromagnetic Side-Channel AttackHQCKey Encpasulation MechanismChosen Ciphertext Attack
Contact author(s)
thalespaiva @ gmail com
prasanna ravi @ ntu edu sg
djap @ ntu edu sg
sbhasin @ ntu edu sg
2023-10-20: approved
2023-10-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Thales Paiva and Prasanna Ravi and Dirmanto Jap and Shivam Bhasin},
      title = {Et tu, Brute? SCA Assisted CCA using Valid Ciphertexts - A Case Study on HQC KEM},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1626},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.