Abstract
HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu’s original attack is underestimated by a factor of almost $2^{8}$. Our revised analysis shows that the keystream complexity of Wu’s original attack is $2^{160.471}$ 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires $2^{143.537}$ such constructed block samples ($2^{152.537}$ 32-bit keystream blocks). For fairness, the same metric is used to compare our attack to Wu’s, and our improvement is significant compared to Wu’s original result. Furthermore, the vector-based methodology used is general and can be applied to any cryptographic primitive that reveals a suitable probability distribution.
References
Baignères T., Junod P., Vaudenay S.: How far can we go beyond linear cryptanalysis?. In: Advances in Cryptology—ASIACRYPT 2004. Lecture Notes in Computer Science, vol. 3329, pp. 432–450. Springer, Berlin (2004).
Cover T., Thomas J.A.: Elements of Information Theory. Wiley Series in Telecommunication. Wiley, New York (1991)
Dunkelman O.: Phorum5: ECRYPT Forum, Post ‘A Small Observation on HC-128’. http://www.ecrypt.eu.org/stream/phorum/read.php?1,1143. Last accessed 3 July 2011.
ECRYPT: D.SYM.3—The eSTREAM Portfolio 2009 Annual Update, ICT-2007-216676. http://www.ecrypt.eu.org/stream/D.SYM.3-v1.1.pdf. Last accessed 14 Jan 2011.
ECRYPT: eSTREAM: ECRYPT Stream Cipher Project, IST-2002-507932. http://www.ecrypt.eu.org/stream/. Last accessed 14 Jan 2011.
Hell M., Johansson T., Brynielsson L.: An overview of distinguishing attacks on stream ciphers. Cryptogr. Commun. 1(1), 71–94 (2008)
Kircanski A., Youssef A.M.: Differential fault analysis of HC-128. In: Africacrypt 2010. Lecture Notes in Computer Science, vol. 6055, pp. 360–377. Springer, Berlin (2010).
Liu Y., Qin T.: The key and IV setup of the stream ciphers HC-256 and HC-128. In: International Conference on Networks Security, Wireless Communications and Trusted Computing, pp. 430–433, Wuhan, China (2009).
Maitra S., Paul G., Raizada S., Sen S., Sengupta R.: Some observations on HC-128. Des. Codes Cryptogr. 59, 231–245 (2010)
Paul G., Maitra S., Raizada S.: A combinatorial analysis of HC-128. Cryptology. ePrint Archive: Report 2010/387.
Staffelbach O., Meier W.: Cryptographic significance of the carry for ciphers based on integer addition. In: Menezes A., Vanstone S.A. (eds.) CRYPTO. Lecture Notes in Computer Science, vol. 537, pp. 601–614. Springer, Berlin (1990).
Wu H.: The Stream Cipher HC-128. In: New Stream Cipher Designs, Lecture Notes in Computer Science, vol. 4986, pp. 39–47. Springer, Berlin (2008).
Wu H.: Phorum5: ECRYPT Forum, Post ‘Re: A Small Observation on HC-128’. http://www.ecrypt.eu.org/stream/phorum/read.php?1,1143. Last accessed 3 July 2011.
Additional information
Communicated by L. R. Knudsen.
Cite this article
Stankovski, P., Ruj, S., Hell, M. et al. Improved distinguishers for HC-128. Des. Codes Cryptogr. 63, 225–240 (2012). https://doi.org/10.1007/s10623-011-9550-9
DOI: https://doi.org/10.1007/s10623-011-9550-9