liboqs HQC KEM Vulnerability in Post-Quantum Cryptography Library

Vulnerability

A design flaw has been identified in the Hamming Quasi-Cyclic (HQC) Key Encapsulation Mechanism (KEM) implemented in liboqs, a C-language cryptographic library for post-quantum algorithms. This flaw, present in liboqs versions prior to 0.13.0, allows many malformed ciphertexts to share the same implicit rejection value, creating a potential risk in key derivation protocols. While no concrete attacks on HQC are currently known, the algorithm's security guarantees are weaker than those of other post-quantum KEMs like Kyber or ML-KEM. As a precaution, HQC is disabled by default in liboqs starting from version 0.13.0.

Impact

The vulnerability in HQC KEM means the shared secret is not properly bound to the ciphertext that produced it, which can allow the same secret to be reused across different public keys. This could disrupt key derivation processes and introduce weaknesses in protocols that rely on HQC.

Remediation

Users should avoid using HQC in liboqs versions prior to 0.13.0. If HQC is necessary, ensure that the public encapsulation key and the ciphertext are included as inputs to the key derivation step, so that the derived key is bound to both.
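The following is an added example, not code from liboqs or the HQC reference implementation: a toy decapsulation (constructed here, not HQC) models the flaw by mapping every malformed ciphertext to one implicit-rejection value, and bind_shared_secret shows the remediation above by feeding hashes of the public key and ciphertext into an HKDF so the derived keys diverge even when the raw shared secrets collide. The label string and the toy KEM's validity rule are assumptions for illustration.

```python
import hashlib
import hmac

# Toy stand-in for KEM decapsulation, constructed for this example (NOT HQC and
# NOT liboqs). Any ciphertext whose first byte is not 0x01 is treated as
# malformed and mapped to a single implicit-rejection value derived only from
# the secret key; this models "many malformed ciphertexts share one value".
def toy_decaps(secret_key: bytes, ciphertext: bytes) -> bytes:
    if not ciphertext or ciphertext[0] != 0x01:
        return hashlib.sha256(b"implicit-reject" + secret_key).digest()
    return hashlib.sha256(b"ok" + secret_key + ciphertext).digest()

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF with SHA-256: extract a PRK, then expand it to `length` bytes."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def bind_shared_secret(shared_secret: bytes, public_key: bytes, ciphertext: bytes,
                       label: bytes = b"example-kem-binding-v1") -> bytes:
    """Derive a session key that commits to the encapsulation key and ciphertext.
    Hashing pk and ct first keeps the HKDF info field fixed-length, so no
    ambiguous concatenation of variable-length inputs is possible."""
    info = (label
            + hashlib.sha256(public_key).digest()
            + hashlib.sha256(ciphertext).digest())
    return hkdf_sha256(shared_secret, salt=b"", info=info)

def demo() -> tuple:
    """Two malformed ciphertexts collide on the raw secret but not on the bound key.
    Returns (raw_secrets_equal, bound_keys_equal)."""
    sk = b"\x42" * 32            # constructed sample keys
    pk = b"\x07" * 32
    ct_a = b"\x00" + b"\xaa" * 15  # malformed (first byte != 0x01)
    ct_b = b"\xff" + b"\xbb" * 15  # also malformed, different bytes
    raw_a, raw_b = toy_decaps(sk, ct_a), toy_decaps(sk, ct_b)
    bound_a = bind_shared_secret(raw_a, pk, ct_a)
    bound_b = bind_shared_secret(raw_b, pk, ct_b)
    return raw_a == raw_b, bound_a == bound_b
```

The same binding also separates keys derived under different public keys with an identical ciphertext, which is the second reuse case the Impact section describes.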

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.0
exploitability: 8.4
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.