Abstract
In this paper, we study HC-128 in detail from cryptanalytic point of view. First, we use linear approximation of the addition modulo 2n of three n-bit integers to identify linear approximations of g 1, g 2, the feedback functions of HC-128. This, in turn, shows that the process of keystream output generation of HC-128 can be well approximated by linear functions. In this direction, we show that the “least significant bit” based distinguisher (presented by the designer himself) of HC-128 works for the complete 32-bit word. Using the above linear approximations of g 1, g 2, we present a new distinguisher for HC-128 which is slightly weaker than Wu’s distinguisher. Finally, in the line of Dunkelman’s observation, we also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions h 1, h 2 and present improved results.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Basu R., Ganguly S., Maitra S., Paul G.: A complete characterization of the evolution of RC4 pseudo random generation algorithm. J. Math. Cryptol 2(3), 257–289 (2008)
http://www.ecrypt.eu.org/stream/ [last accessed on December 6, 2010].
Dunkelman O.: A small observation on HC-128. A message dated November 14, 2007 is available at http://www.ecrypt.eu.org/stream/phorum/read.php?1,1143 [last accessed on December 6, 2010].
Jenkins R.J.: ISAAC and RC4. Available at http://burtleburtle.net/bob/rand/isaac.html [last accessed on December 6, 2010] (1996).
Klein A.: Attacks on the RC4 stream cipher. Des. Codes Cryptogr. 48(3), 269–286 (2008)
Maitra S., Paul G.: New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4. FSE, Lecture Notes in Computer Science, vol. 5086, pp. 253–269. Springer (2008).
Maitra S., Paul G., Raizada S.: Some Observations on HC-128. Preproceedings of the International Workshop on Coding and Cryptography (WCC), May 10–15, (2009), Ullensvang, Norway, pp. 527–539.
Mantin I.: A Practical Attack on the Fixed RC4 in the WEP Mode. ASIACRYPT 2005. Lecture Notes in Computer Science, vol. 3788, pp. 395–411. Springer (2005).
Staffelbach O., Meier W.: Cryptographic Significance of the Carry for Ciphers Based on Integer Addition. CRYPTO 1990. Lecture Notes in Computer Science, vol. 537, pp. 601–614. Springer (1990).
Wu H.: The Stream Cipher HC-128. http://www.ecrypt.eu.org/stream/hcp3.html [last accessed on December 6, 2010].
Author information
Authors and Affiliations
Corresponding author
Additional information
This is a revised and extended version of the paper [7], written by the first three authors, that has been presented in WCC 2009 (here Sects. 4, 6). The additional result with the new distinguisher written by all the five authors appear in Sect. 5 of the current paper. The last two authors worked for this paper during the summer break (between the semesters in 2009) in their Bachelor of Statistics course.
Rights and permissions
About this article
Cite this article
Maitra, S., Paul, G., Raizada, S. et al. Some observations on HC-128. Des. Codes Cryptogr. 59, 231–245 (2011). https://doi.org/10.1007/s10623-010-9459-8
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-010-9459-8