Paper 2024/1106

Masked Vector Sampling for HQC

Maxime Spyropoulos, Télécom Paris, Thales DIS
David Vigilant, Thales DIS
Fabrice Perion, Thales DIS
Renaud Pacalet, Télécom Paris
Laurent Sauvage, Télécom Paris
Abstract

Anticipating the advent of large quantum computers, NIST started a worldwide competition in 2016 aiming to define the next cryptographic standards. HQC is one of these post-quantum schemes still in contention, with three others already standardized. In 2022, Guo et al. introduced a timing attack that exploited an inconsistency in HQC's rejection sampling function to recover its secret key in 866,000 calls to an oracle. The authors of HQC updated its specification by applying an algorithm to sample vectors in constant time. A masked implementation of this function was then proposed for BIKE, but it is not directly applicable to HQC. In this paper we propose a masked, specification-compliant version of HQC's vector sampling function which relies, to our knowledge, on the first masked implementation of the Barrett reduction.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
HQC, Masking, Side-channel attack, Post-quantum cryptography
Contact author(s)
maxime spyropoulos @ telecom-paris fr
david vigilant @ thalesgroup com
fabrice perion @ thalesgroup com
renaud pacalet @ telecom-paris fr
laurent sauvage @ telecom-paris fr
History
2024-10-11: revised
2024-07-07: received
Short URL
https://ia.cr/2024/1106
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1106,
      author = {Maxime Spyropoulos and David Vigilant and Fabrice Perion and Renaud Pacalet and Laurent Sauvage},
      title = {Masked Vector Sampling for {HQC}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1106},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1106}
}