
Designs, Codes and Cryptography, Volume 59, Issue 1–3, pp 231–245

Some observations on HC-128

  • Subhamoy Maitra
  • Goutam Paul
  • Shashwat Raizada
  • Subhabrata Sen
  • Rudradev Sengupta
Article

Abstract

In this paper, we study HC-128 in detail from a cryptanalytic point of view. First, we use linear approximation of the addition modulo $2^n$ of three $n$-bit integers to identify linear approximations of $g_1$, $g_2$, the feedback functions of HC-128. This, in turn, shows that the process of keystream output generation of HC-128 can be well approximated by linear functions. In this direction, we show that the “least significant bit” based distinguisher of HC-128 (presented by the designer himself) works for the complete 32-bit word. Using the above linear approximations of $g_1$, $g_2$, we present a new distinguisher for HC-128 which is slightly weaker than Wu’s distinguisher. Finally, in the line of Dunkelman’s observation, we also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions $h_1$, $h_2$, and present improved results.

Keywords

Bias; Cryptography; Distinguishing attack; eSTREAM; Keystream; Linear approximation; Stream cipher

Mathematics Subject Classification (2000)

94A60 


References

  1. Basu R., Ganguly S., Maitra S., Paul G.: A complete characterization of the evolution of RC4 pseudo random generation algorithm. J. Math. Cryptol. 2(3), 257–289 (2008).
  2. http://www.ecrypt.eu.org/stream/ [last accessed on December 6, 2010].
  3. Dunkelman O.: A small observation on HC-128. A message dated November 14, 2007 is available at http://www.ecrypt.eu.org/stream/phorum/read.php?1,1143 [last accessed on December 6, 2010].
  4. Jenkins R.J.: ISAAC and RC4. Available at http://burtleburtle.net/bob/rand/isaac.html [last accessed on December 6, 2010] (1996).
  5. Klein A.: Attacks on the RC4 stream cipher. Des. Codes Cryptogr. 48(3), 269–286 (2008).
  6. Maitra S., Paul G.: New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4. FSE, Lecture Notes in Computer Science, vol. 5086, pp. 253–269. Springer (2008).
  7. Maitra S., Paul G., Raizada S.: Some Observations on HC-128. Preproceedings of the International Workshop on Coding and Cryptography (WCC), May 10–15, (2009), Ullensvang, Norway, pp. 527–539.
  8. Mantin I.: A Practical Attack on the Fixed RC4 in the WEP Mode. ASIACRYPT 2005. Lecture Notes in Computer Science, vol. 3788, pp. 395–411. Springer (2005).
  9. Staffelbach O., Meier W.: Cryptographic Significance of the Carry for Ciphers Based on Integer Addition. CRYPTO 1990. Lecture Notes in Computer Science, vol. 537, pp. 601–614. Springer (1990).
  10. Wu H.: The Stream Cipher HC-128. http://www.ecrypt.eu.org/stream/hcp3.html [last accessed on December 6, 2010].

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  • Subhamoy Maitra (1)
  • Goutam Paul (2)
  • Shashwat Raizada (3)
  • Subhabrata Sen (3)
  • Rudradev Sengupta (3)

  1. Applied Statistics Unit, Indian Statistical Institute, Kolkata, India
  2. Department of Computer Science and Engineering, Jadavpur University, Kolkata, India
  3. Indian Statistical Institute, Kolkata, India
