Breaking HuFu with 0 Leakage: A Side-Channel Analysis

Julien Devevey; Morgane Guerreau; Thomas Legavre; Ange Martinelli; Thomas Ricosset

Paper 2025/548

Breaking HuFu with 0 Leakage: A Side-Channel Analysis

Julien Devevey, ANSSI (Paris, France)

Morgane Guerreau, CryptoNext Security (Paris, France)

Thomas Legavre, ANSSI (Paris, France), Thales (France), Laboratoire de Recherche en Informatique de Paris 6

Ange Martinelli, ANSSI (Paris, France)

Thomas Ricosset, Thales (France)

Abstract

HuFu is an unstructured lattice-based signature scheme proposed during the NIST PQC standardization process. In this work, we present a side-channel analysis of HuFu's reference implementation. We first exploit the multiplications involving its two main secret matrices, recovering approximately half of their entries through a non-profiled power analysis with a few hundred traces. Using these coefficients, we reduce the dimension of the underlying LWE problem, enabling full secret key recovery with calls to a small block-sized BKZ. To mitigate this attack, we propose a countermeasure that replaces sensitive computations involving a secret matrix with equivalent operations derived solely from public elements, eliminating approximately half of the identified leakage and rendering the attack unfeasible. Finally, we perform a non-profiled power analysis targeting HuFu's Gaussian sampling procedure, recovering around 75\% of the remaining secret matrix's entries in a few hundred traces. While full key recovery remains computationally intensive, we demonstrate that partial knowledge of the secret significantly improves the efficiency of signature forgery.

Metadata

Available format(s): PDF
Category: Attacks and cryptanalysis
Publication info: Published elsewhere. CASCADE 2025
Keywords: SCA post-quantum signatures lattices leakage
Contact author(s): julien devevey @ ssi gouv fr
morgane guerreau @ cryptonext-security com
thomas legavre @ thalesgroup com
ange martinelli @ ssi gouv fr
thomas ricosset @ thalesgroup com
History: 2025-03-26: approved; 2025-03-25: received; See all versions
Short URL: https://ia.cr/2025/548
License: CC BY

BibTeX

@misc{cryptoeprint:2025/548,
      author = {Julien Devevey and Morgane Guerreau and Thomas Legavre and Ange Martinelli and Thomas Ricosset},
      title = {Breaking {HuFu} with 0 Leakage: A Side-Channel Analysis},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/548},
      year = {2025},
      url = {https://eprint.iacr.org/2025/548}
}