HQC Post-Quantum Cryptography Decryption with Generalized Minimum-Distance Reed-Solomon Decoder
Jiaxuan Cai, Xinmiao Zhang

TL;DR
This paper improves HQC post-quantum cryptography decryption by applying a generalized minimum-distance (GMD) Reed-Solomon decoder, reducing the RS codeword length, decryption latency, and area through a hardware-efficient design.
Contribution
It introduces a GMD decoder for HQC, going beyond the erasure-only soft-decision decoding of prior work, and proposes hardware architectures that improve decryption efficiency.
Findings
RS codeword length reduced from 46 to 36 for HQC-128
Decryption latency reduced by 20%
Decryption area reduced by 15%
Abstract
Hamming Quasi-Cyclic (HQC) was chosen for the latest post-quantum cryptography standardization. A concatenated Reed-Muller (RM) and Reed-Solomon (RS) code is decoded during the HQC decryption. Soft-decision RS decoders achieve better error-correcting performance than hard-decision decoders and accordingly shorten the required codeword and key lengths. However, the only soft-decision decoder for HQC in prior works is an erasure-only decoder, which has limited coding gain. This paper analyzes other hardware-friendly soft-decision RS decoders and discovers that the generalized minimum-distance (GMD) decoder can better utilize the soft information available in HQC. Extending the Agrawal-Vardy bound for the scenario of HQC, it was found that the RS codeword length for HQC-128 can be reduced from 46 to 36. This paper also proposes efficient GMD decoder hardware architectures optimized for the…
Taxonomy
Topics: Coding theory and cryptography · Cryptographic Implementations and Security · Cryptography and Residue Arithmetic
