Paper 2024/1106

Masked Vector Sampling for HQC

Maxime Spyropoulos, Télécom Paris, Thales DIS
David Vigilant, Thales DIS
Fabrice Perion, Thales DIS
Renaud Pacalet, Télécom Paris
Laurent Sauvage, Télécom Paris

Anticipating the advent of large quantum computers, NIST started a worldwide competition in 2016 aiming to define the next cryptographic standards. HQC is one of these post-quantum schemes still in contention, with four others already in the process of being standardized. In 2022, Guo et al. introduced a timing attack that exploited an inconsistency in HQC rejection sampling function to recover its secret key in 866,000 calls to an oracle. The authors of HQC updated its specification by applying an algorithm to sample vectors in constant time. A masked implementation of this function was then proposed for BIKE but it is not directly applicable to HQC. In this paper we propose a masked specification-compliant version of HQC vector sampling function which relies, to our knowledge, on the first masked implementation of the Barrett reduction.

Available format(s)
Publication info
HQCMaskingSide-channel attackPost-quantum cryptography
Contact author(s)
maxime spyropoulos @ telecom-paris fr
david vigilant @ thalesgroup com
fabrice perion @ thalesgroup com
renaud pacalet @ telecom-paris fr
laurent sauvage @ telecom-paris fr
2024-07-08: approved
2024-07-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Maxime Spyropoulos and David Vigilant and Fabrice Perion and Renaud Pacalet and Laurent Sauvage},
      title = {Masked Vector Sampling for {HQC}},
      howpublished = {Cryptology ePrint Archive, Paper 2024/1106},
      year = {2024},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.