Single-Trace Key Recovery Attacks on HQC Using Valid and Invalid Ciphertexts (2026)

Abstract
- As the Hamming Quasi-Cyclic (HQC) cryptosystem was recently selected by NIST for standardization, a thorough evaluation of its implementation security is critical before its widespread deployment.
This paper presents single-trace side-channel attacks that recover the full long-term secret key of HQC, experimentally evaluated on a protected Cortex-M4 implementation. We introduce two distinct attacks that significantly advance the state of the art: a passive attack that uniquely models key recovery as a moderate-density parity-check (MDPC) decoding problem from a single valid ciphertext, and an active chosen-ciphertext attack employing a new probing strategy on a linear combination of secret key components for significantly improved efficiency. Both attacks are enabled by a new information set decoding (ISD) variant that exploits soft side-channel information, a contribution of broader importance to code-based cryptography. Our experiments show that a single trace suffices for full key recovery under realistic conditions, effectively defeating countermeasures such as codeword masking for the first time. We also show that several existing defenses are ineffective against the new attacks.
Please use this url to cite or link to this publication:
https://lup.lub.lu.se/record/540b35a3-1530-422d-b9ff-72f33a4eaff8
- author: Dong, Haiyue; Guo, Qian (LU); Nabokov, Denis (LU)
- publishing date: 2026
- type: Chapter in Book/Report/Conference proceeding
- publication status: in press
- host publication: Advances in Cryptology - EUROCRYPT 2026
- language: English
- LU publication?: yes
- id: 540b35a3-1530-422d-b9ff-72f33a4eaff8
- date added to LUP: 2026-02-24 17:00:11
- date last changed: 2026-03-19 12:56:45
@inproceedings{540b35a3-1530-422d-b9ff-72f33a4eaff8,
abstract = {{As the Hamming Quasi-Cyclic (HQC) cryptosystem was recently selected by NIST for standardization, a thorough evaluation of its implementation security is critical before its widespread deployment. This paper presents single-trace side-channel attacks that recover the full long-term secret key of HQC, experimentally evaluated on a protected Cortex-M4 implementation. We introduce two distinct attacks that significantly advance the state of the art: a passive attack that uniquely models key recovery as a moderate-density parity-check (MDPC) decoding problem from a single valid ciphertext, and an active chosen-ciphertext attack employing a new probing strategy on a linear combination of secret key components for significantly improved efficiency. Both attacks are enabled by a new information set decoding (ISD) variant that exploits soft side-channel information, a contribution of broader importance to code-based cryptography. Our experiments show that a single trace suffices for full key recovery under realistic conditions, effectively defeating countermeasures such as codeword masking for the first time. We also show that several existing defenses are ineffective against the new attacks.}},
author = {{Dong, Haiyue and Guo, Qian and Nabokov, Denis}},
booktitle = {{Advances in Cryptology - EUROCRYPT 2026}},
language = {{eng}},
title = {{Single-Trace Key Recovery Attacks on HQC Using Valid and Invalid Ciphertexts}},
year = {{2026}},
}