Multi-Value Plaintext-Checking and Full-Decryption Oracle-Based Attacks on HQC from Offline Templates
(2025) In IACR Transactions on Cryptographic Hardware and Embedded Systems 2025(4), p. 254-289.
Abstract
The Hamming Quasi-Cyclic (HQC) key encapsulation mechanism (KEM), recently selected by NIST for standardization in the Post-Quantum Cryptography (PQC) process, distinguishes itself through its efficiency, robust design based on hard decoding problems in coding theory, and well-characterized decryption failure rates. Despite its selection, practical security concerns arise from implementation threats, particularly those exploiting plaintext-checking (PC) oracles. While multi-value PC (MV-PC) and full decryption (FD) oracle attacks have been extensively studied in the context of lattice-based cryptography, their applicability to code-based schemes like HQC has remained relatively unexplored. In this work, we present the first MV-PC and FD oracle attacks targeting code-based KEMs, specifically on HQC. Our MV-PC attack significantly reduces the required oracle queries compared to previous PC oracle-based methods and holds implications for side-channel, key-mismatch, and fault-injection attacks. Our FD attack exhibits remarkable efficiency in trace complexity, achieving secret key recovery for hqc-128 with just two queries to a perfect oracle, and four queries for hqc-192 and hqc-256. Simulations further demonstrate the robustness of our MV-PC and FD oracle attacks against imperfect oracle responses. We experimentally validate the new attacks on an ARM Cortex-M4 microcontroller, highlighting the critical need for robust countermeasures. In particular, on such a platform, substantial leakage during operations like syndrome computation poses significant challenges to the efficiency of masking techniques in mitigating FD oracle attacks.
- author
- Dong, Haiyue and Guo, Qian LU
- organization
- publishing date
- 2025-09
- type
- Contribution to journal
- publication status
- published
- subject
- keywords
- Code-based cryptography, HQC, Plaintext-checking oracle, Side-channel attacks
- in
- IACR Transactions on Cryptographic Hardware and Embedded Systems
- volume
- 2025
- issue
- 4
- pages
- 36 pages
- publisher
- Ruhr-University of Bochum
- external identifiers
- scopus:105016361176
- ISSN
- 2569-2925
- DOI
- 10.46586/tches.v2025.i4.254-289
- language
- English
- LU publication?
- yes
- id
- 2bcab300-0e14-490c-b2ca-bc197bd08f1b
- date added to LUP
- 2025-10-15 12:44:54
- date last changed
- 2025-10-15 12:45:06
@article{2bcab300-0e14-490c-b2ca-bc197bd08f1b,
abstract = {{The Hamming Quasi-Cyclic (HQC) key encapsulation mechanism (KEM), recently selected by NIST for standardization in the Post-Quantum Cryptography (PQC) process, distinguishes itself through its efficiency, robust design based on hard decoding problems in coding theory, and well-characterized decryption failure rates. Despite its selection, practical security concerns arise from implementation threats, particularly those exploiting plaintext-checking (PC) oracles. While multi-value PC (MV-PC) and full decryption (FD) oracle attacks have been extensively studied in the context of lattice-based cryptography, their applicability to code-based schemes like HQC has remained relatively unexplored. In this work, we present the first MV-PC and FD oracle attacks targeting code-based KEMs, specifically on HQC. Our MV-PC attack significantly reduces the required oracle queries compared to previous PC oracle-based methods and holds implications for side-channel, key-mismatch, and fault-injection attacks. Our FD attack exhibits remarkable efficiency in trace complexity, achieving secret key recovery for hqc-128 with just two queries to a perfect oracle, and four queries for hqc-192 and hqc-256. Simulations further demonstrate the robustness of our MV-PC and FD oracle attacks against imperfect oracle responses. We experimentally validate the new attacks on an ARM Cortex-M4 microcontroller, highlighting the critical need for robust countermeasures. In particular, on such a platform, substantial leakage during operations like syndrome computation poses significant challenges to the efficiency of masking techniques in mitigating FD oracle attacks.}},
author = {{Dong, Haiyue and Guo, Qian}},
issn = {{2569-2925}},
keywords = {{Code-based cryptography; HQC; Plaintext-checking oracle; Side-channel attacks}},
language = {{eng}},
number = {{4}},
pages = {{254--289}},
publisher = {{Ruhr-University of Bochum}},
series = {{IACR Transactions on Cryptographic Hardware and Embedded Systems}},
title = {{Multi-Value Plaintext-Checking and Full-Decryption Oracle-Based Attacks on HQC from Offline Templates}},
url = {{http://dx.doi.org/10.46586/tches.v2025.i4.254-289}},
doi = {{10.46586/tches.v2025.i4.254-289}},
volume = {{2025}},
year = {{2025}},
}