liboqs HQC Key Encapsulation Mechanism Secret-Dependent Branch Vulnerability
Vulnerability
A vulnerability exists in liboqs, a cryptographic library implementing post-quantum algorithms, specifically in its HQC key encapsulation mechanism. The issue arises when the library is compiled with Clang (versions up to 20) at any optimization level above -O0: the compiler introduces multiple secret-dependent branches, which a proof-of-concept local attack can exploit to recover the entire secret key. liboqs versions through 0.13.0 are affected.
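To illustrate the class of bug, here is an added example (not liboqs or HQC code, and not the fix shipped in 0.14.0): a toy KEM decapsulation tail written without data-dependent branches, using an assumed GCC/Clang inline-asm value barrier so the optimizer cannot rewrite the mask arithmetic into the kind of secret-dependent branch this advisory describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Value barrier (assumed GCC/Clang extended-asm idiom, not liboqs code): makes
 * v opaque so the optimiser cannot lower the mask arithmetic to a branch. */
static inline uint32_t ct_barrier_u32(uint32_t v) {
    __asm__ volatile("" : "+r"(v));
    return v;
}

/* Constant-time equality of n bytes: 0xFFFFFFFF if equal, 0 otherwise.
 * No early exit, so timing does not reveal the first differing byte. */
uint32_t ct_eq_bytes(const uint8_t *a, const uint8_t *b, size_t n) {
    uint32_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint32_t)(a[i] ^ b[i]);
    acc |= 0u - acc;                    /* bit 31 set iff any byte differed */
    return ct_barrier_u32((acc >> 31) - 1);
}

/* dst = (mask == all-ones) ? a : b, byte-wise, with no branch on mask. */
void ct_select_bytes(uint8_t *dst, const uint8_t *a, const uint8_t *b,
                     size_t n, uint32_t mask) {
    uint8_t m = (uint8_t)mask;          /* 0xFF or 0x00 */
    for (size_t i = 0; i < n; i++)
        dst[i] = b[i] ^ (m & (a[i] ^ b[i]));
}

/* Toy decapsulation tail of a Fujisaki-Okamoto KEM such as HQC: compare the
 * received ciphertext with its re-encryption, then pick the real shared secret
 * or the implicit-rejection value. The branchy twin, memcmp(ct, ct_re, n) == 0
 * ? ss_real : ss_reject, is the secret-dependent branch this advisory is about. */
int kem_decaps_tail(uint8_t *ss_out, const uint8_t *ct, const uint8_t *ct_re,
                    const uint8_t *ss_real, const uint8_t *ss_reject,
                    size_t ct_len, size_t ss_len) {
    uint32_t ok = ct_eq_bytes(ct, ct_re, ct_len);
    ct_select_bytes(ss_out, ss_real, ss_reject, ss_len, ok);
    return (int)(ok & 1u);              /* 1 = match, 0 = rejected */
}

/* Self-check on constructed data: 1 if both paths select the right secret. */
int kem_decaps_selfcheck(void) {
    const uint8_t ct[4] = {1, 2, 3, 4}, bad[4] = {1, 2, 3, 5};
    const uint8_t real[2] = {0xAA, 0xBB}, rej[2] = {0x11, 0x22};
    uint8_t out[2];
    int ok1 = kem_decaps_tail(out, ct, ct, real, rej, 4, 2) == 1 && !memcmp(out, real, 2);
    int ok2 = kem_decaps_tail(out, ct, bad, real, rej, 4, 2) == 0 && !memcmp(out, rej, 2);
    return ok1 && ok2;
}
```

After building such code at -O1 and above, inspecting the disassembly of the comparison and selection routines for conditional branches is the practical check that the barrier did its job.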
Impact
Exploitation of this vulnerability leads to the recovery of the entire secret key used in the HQC key encapsulation mechanism.
Reproduction
To reproduce this vulnerability, compile liboqs with Clang at an optimization level above -O0, such as -O1 or -O2, then run the proof-of-concept local attack against the HQC key encapsulation mechanism. The attack exploits the timing variations caused by the secret-dependent branches that the optimization introduces.
Remediation
Users can upgrade to liboqs version 0.14.0 or later, where this vulnerability has been fixed.
