Paper 2024/1106
Masked Vector Sampling for HQC
Abstract
Anticipating the advent of large quantum computers, NIST started a worldwide competition in 2016 aiming to define the next cryptographic standards. HQC is one of these post-quantum schemes still in contention, with four others already in the process of being standardized. In 2022, Guo et al. introduced a timing attack that exploited an inconsistency in HQC rejection sampling function to recover its secret key in 866,000 calls to an oracle. The authors of HQC updated its specification by applying an algorithm to sample vectors in constant time. A masked implementation of this function was then proposed for BIKE but it is not directly applicable to HQC. In this paper we propose a masked specification-compliant version of HQC vector sampling function which relies, to our knowledge, on the first masked implementation of the Barrett reduction.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- HQCMaskingSide-channel attackPost-quantum cryptography
- Contact author(s)
-
maxime spyropoulos @ telecom-paris fr
david vigilant @ thalesgroup com
fabrice perion @ thalesgroup com
renaud pacalet @ telecom-paris fr
laurent sauvage @ telecom-paris fr - History
- 2024-07-08: approved
- 2024-07-07: received
- See all versions
- Short URL
- https://ia.cr/2024/1106
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2024/1106,
author = {Maxime Spyropoulos and David Vigilant and Fabrice Perion and Renaud Pacalet and Laurent Sauvage},
title = {Masked Vector Sampling for {HQC}},
howpublished = {Cryptology ePrint Archive, Paper 2024/1106},
year = {2024},
note = {\url{https://eprint.iacr.org/2024/1106}},
url = {https://eprint.iacr.org/2024/1106}
}
