The constant-time random sampling kernel in HQC—a NIST post-quantum cryptography standard candidate—is security-critical yet computationally intensive, posing challenges for efficient, side-channel-resilient hardware implementation. Method: We propose a cross-layer co-optimization approach that jointly designs the algorithm and architecture under strict constant-time constraints, enabling logic minimization while preserving cryptographic security and side-channel robustness. A customized sampler is implemented on a Xilinx Artix-7 FPGA. Contribution/Results: Our design achieves a 24× latency reduction over the original HQC software implementation and a further 28× improvement over prior hardware samplers, while significantly reducing LUT and FF resource utilization. To the best of our knowledge, this is the first hardware sampler for HQC that simultaneously guarantees full constant-time execution, resistance to timing- and power-based side-channel attacks, and an order-of-magnitude performance gain.

HQC is one of the code-based finalists in the last round of the NIST post quantum cryptography standardization process. In this process, security and implementation efficiency are key metrics for the selection of the candidates. A critical compute kernel with respect to efficient hardware implementations and security in HQC is the sampling method used to derive random numbers. Due to its security criticality, recently an updated sampling algorithm was presented to increase its robustness against side-channel attacks. In this paper, we pursue a cross layer approach to optimize this new sampling algorithm to enable an efficient hardware implementation without comprising the original algorithmic security and side-channel attack robustness. We compare our cross layer based implementation to a direct hardware implementation of the original algorithm and to optimized implementations of the previous sampler version. All implementations are evaluated using the Xilinx Artix 7 FPGA. Our results show that our approach reduces the latency by a factor of 24 compared to the original algorithm and by a factor of 28 compared to the previously used sampler with significantly less resources.