Some observations on HC-128
- 153 Downloads
In this paper, we study HC-128 in detail from cryptanalytic point of view. First, we use linear approximation of the addition modulo 2 n of three n-bit integers to identify linear approximations of g 1, g 2, the feedback functions of HC-128. This, in turn, shows that the process of keystream output generation of HC-128 can be well approximated by linear functions. In this direction, we show that the “least significant bit” based distinguisher (presented by the designer himself) of HC-128 works for the complete 32-bit word. Using the above linear approximations of g 1, g 2, we present a new distinguisher for HC-128 which is slightly weaker than Wu’s distinguisher. Finally, in the line of Dunkelman’s observation, we also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions h 1, h 2 and present improved results.
KeywordsBias Cryptography Distinguishing attack eSTREAM Keystream Linear approximation Stream cipher
Mathematics Subject Classification (2000)94A60
Unable to display preview. Download preview PDF.
- http://www.ecrypt.eu.org/stream/ [last accessed on December 6, 2010].
- Dunkelman O.: A small observation on HC-128. A message dated November 14, 2007 is available at http://www.ecrypt.eu.org/stream/phorum/read.php?1,1143 [last accessed on December 6, 2010].
- Jenkins R.J.: ISAAC and RC4. Available at http://burtleburtle.net/bob/rand/isaac.html [last accessed on December 6, 2010] (1996).
- Maitra S., Paul G.: New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4. FSE, Lecture Notes in Computer Science, vol. 5086, pp. 253–269. Springer (2008).Google Scholar
- Maitra S., Paul G., Raizada S.: Some Observations on HC-128. Preproceedings of the International Workshop on Coding and Cryptography (WCC), May 10–15, (2009), Ullensvang, Norway, pp. 527–539.Google Scholar
- Mantin I.: A Practical Attack on the Fixed RC4 in the WEP Mode. ASIACRYPT 2005. Lecture Notes in Computer Science, vol. 3788, pp. 395–411. Springer (2005).Google Scholar
- Staffelbach O., Meier W.: Cryptographic Significance of the Carry for Ciphers Based on Integer Addition. CRYPTO 1990. Lecture Notes in Computer Science, vol. 537, pp. 601–614. Springer (1990).Google Scholar
- Wu H.: The Stream Cipher HC-128. http://www.ecrypt.eu.org/stream/hcp3.html [last accessed on December 6, 2010].