Hamming Quasi-Cyclic (HQC) was chosen for the latest post-quantum cryptography standardization. A concatenated Reed-Muller (RM) and Reed-Solomon (RS) code is decoded during HQC decryption. Soft-decision RS decoders achieve better error-correcting performance than hard-decision decoders and accordingly shorten the required codeword and key lengths. However, the only soft-decision decoder for HQC in prior works is an erasure-only decoder, which has limited coding gain. This paper analyzes other hardware-friendly soft-decision RS decoders and finds that the generalized minimum-distance (GMD) decoder can better utilize the soft information available in HQC. By extending the Agrawal-Vardy bound to the HQC scenario, it shows that the RS codeword length for HQC-128 can be reduced from 46 to 36. This paper also proposes efficient GMD decoder hardware architectures optimized for the short and low-rate RS codes used in HQC. The HQC-128 decryption utilizing the proposed GMD decoder achieves 20% and 15% reductions in latency and area, respectively, compared to the decryption with hard-decision decoders.