Multi-Value Plaintext-Checking and Full-Decryption Oracle-Based Attacks on HQC from Offline Templates

Saved in:
Bibliographic details
Title: Multi-Value Plaintext-Checking and Full-Decryption Oracle-Based Attacks on HQC from Offline Templates
Authors: Dong, Haiyue; Guo, Qian
Other contributors: Lund University, Faculty of Engineering, LTH, Departments at LTH, Department of Electrical and Information Technology, Secure and Networked Systems, Lunds universitet, Lunds Tekniska Högskola, Institutioner vid LTH, Institutionen för elektro- och informationsteknik, Säkerhets- och nätverkssystem, Originator, Lund University, Faculty of Engineering, LTH, LTH Profile areas, LTH Profile Area: AI and Digitalization, Lunds universitet, Lunds Tekniska Högskola, LTH profilområden, LTH profilområde: AI och digitalisering, Originator, Lund University, Profile areas and other strong research environments, Strategic research areas (SRA), ELLIIT: the Linköping-Lund initiative on IT and mobile communication, Lunds universitet, Profilområden och andra starka forskningsmiljöer, Strategiska forskningsområden (SFO), ELLIIT: the Linköping-Lund initiative on IT and mobile communication, Originator
Source: IACR Transactions on Cryptographic Hardware and Embedded Systems. 2025(4):254-289
Subject terms: Natural Sciences, Computer and Information Sciences, Computer Sciences, Naturvetenskap, Data- och informationsvetenskap (Datateknik), Datavetenskap (Datalogi)
Description: The Hamming Quasi-Cyclic (HQC) key encapsulation mechanism (KEM), recently selected by NIST for standardization in the Post-Quantum Cryptography (PQC) process, distinguishes itself through its efficiency, robust design based on hard decoding problems in coding theory, and well-characterized decryption failure rates. Despite its selection, practical security concerns arise from implementation threats, particularly those exploiting plaintext-checking (PC) oracles. While multi-value PC (MV-PC) and full decryption (FD) oracle attacks have been extensively studied in the context of lattice-based cryptography, their applicability to code-based schemes like HQC has remained relatively unexplored. In this work, we present the first MV-PC and FD oracle attacks targeting code-based KEMs, specifically on HQC. Our MV-PC attack significantly reduces the required oracle queries compared to previous PC oracle-based methods and holds implications for side-channel, key-mismatch, and fault-injection attacks. Our FD attack exhibits remarkable efficiency in trace complexity, achieving secret key recovery for hqc-128 with just two queries to a perfect oracle, and four queries for hqc-192 and hqc-256. Simulations further demonstrate the robustness of our MV-PC and FD oracle attacks against imperfect oracle responses. We experimentally validate the new attacks on an ARM Cortex-M4 microcontroller, highlighting the critical need for robust countermeasures. In particular, on such a platform, substantial leakage during operations like syndrome computation poses significant challenges to the efficiency of masking techniques in mitigating FD oracle attacks.
Access URL: https://doi.org/10.46586/tches.v2025.i4.254-289
Database: SwePub
Record details
DOI: 10.46586/tches.v2025.i4.254-289
Language: English
Pagination: 36 pages, starting at page 254
Published: 2025-01-01 (volume 2025, issue 4)
Journal: IACR Transactions on Cryptographic Hardware and Embedded Systems
ISSN (print): 25692925