Two Attacks Against the HBB Stream Cipher

  • Antoine Joux
  • Frédéric Muller
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3557)


Hiji-Bij-Bij (HBB) is a new stream cipher proposed by Sarkar at Indocrypt’03. In this algorithm, classical LFSRs are replaced by cellular automata (CA). This idea of using CAs in such constructions was initially proposed by Sarkar at Crypto’02, in order to instantiate its new Filter-Combiner model.

In this paper, we show two attacks against HBB. First we apply differential cryptanalysis to the self-synchronizing mode. The resulting attack is very efficient since it recovers the secret key by processing a chosen message of length only 2 Kbytes. Then we describe an algebraic attack against the basic mode of HBB. This attack is much faster than exhaustive search for secret keys of length 256 bits.


Cellular Automaton Block Cipher Stream Cipher Algebraic Attack Linear Cryptanalysis 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Anderson, R.: Searching for the Optimum Correlation Attack. In: Preneel, B. (ed.) FSE 1994. LNCS, vol. 1008, pp. 137–143. Springer, Heidelberg (1995)Google Scholar
  2. 2.
    Armknecht, F., Krause, M.: Algebraic attacks on combiners with memory. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 162–175. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Barkan, E., Biham, E., Keller, N.: Instant ciphertext-only cryptanalysis of GSM encrypted communication. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 600–616. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Cho, J.Y., Pieprzyk, J.: Algebraic attacks on SOBER-t32 and SOBER-t16 without stuttering. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 49–64. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  5. 5.
    Coppersmith, D., Halevi, S., Jutla, C.: Cryptanalysis of stream ciphers with linear masking. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 515–532. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Coppersmith, D., Krawczyk, H., Mansour, Y.: The shrinking generator. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 22–39. Springer, Heidelberg (1994)Google Scholar
  7. 7.
    Courtois, N.: Fast algebraic attacks on stream ciphers with linear feedback. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 176–194. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Courtois, N., Meier, W.: Algebraic Attacks on Stream Ciphers with Linear Feedback. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 345–359. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  9. 9.
    Courtois, N.T., Pieprzyk, J.: Cryptanalysis of block ciphers with overdefined systems of equations. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 267–287. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Daemen, J.: Cipher and hash function design. Strategies based on linear and differential cryptanalysis. PhD thesis, march, ch. 9 (1995)Google Scholar
  11. 11.
    Daemen, J., Govaerts, R., Vandewalle, J.: A Practical Approach to the Design of High Speed Self-Synchronizing Stream Ciphers. In: Singapore ICCS/ISITA 1992, pp. 279–283. IEEE, Los Alamitos (1992)Google Scholar
  12. 12.
    Daemen, J., Rijmen, V.: AES Proposal: Rijndael, Version 2 (1999), NIST AES website,
  13. 13.
    Faugère, J.-C., Joux, A.: Algebraic cryptanalysis of hidden field equation (HFE) cryptosystems using gröbner bases. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 44–60. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  14. 14.
    FIPS PUB 81. DES Modes of Operation (1980)Google Scholar
  15. 15.
    Golić, J.: On the Security of Nonlinear Filter Generators. In: Gollmann, D. (ed.) FSE 1996. LNCS, vol. 1039, pp. 173–188. Springer, Heidelberg (1996)Google Scholar
  16. 16.
    Golić, J., Clark, A., Dawson, E.: Generalized Inversion Attack on Nonlinear Filter Generators. IEEE Transactions on Computers 49(10), 1100–1109 (2000)CrossRefzbMATHGoogle Scholar
  17. 17.
    Hong, J., Lee, D.H., Chee, S., Sarkar, P.: Vulnerability of nonlinear filter generators based on linear finite state machines. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 193–209. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  18. 18.
    Joux, A., Muller, F.: Loosening the KNOT. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 87–99. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Klimov, A., Shamir, A.: Cryptographic Applications of T-functions. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 248–261. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  20. 20.
    Matsui, M.: Linear cryptanalysis method for DES cipher. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 386–397. Springer, Heidelberg (1994)Google Scholar
  21. 21.
    Maurer, U.: New approaches to the design of self-synchronizing stream ciphers. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 458–471. Springer, Heidelberg (1991)Google Scholar
  22. 22.
    Muller, F.: Differential Attacks and Stream Ciphers. In: State of the Art in Stream Ciphers. ECRYPT Network of Excellence in Cryptology, Workshop Record (2004)Google Scholar
  23. 23.
    Murphy, S., Robshaw, M.: Essential algebraic structure within the AES. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 1–16. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  24. 24.
    NESSIE - New European Schemes for Signature, Integrity and Encryption,
  25. 25.
    Preneel, B., Nuttin, M., Rijmen, V., Buelens, J.: Cryptanalysis of the CFB mode of the DES with a reduced number of rounds. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 212–223. Springer, Heidelberg (1994)Google Scholar
  26. 26.
    Sarkar, P.: The filter-combiner model for memoryless synchronous stream ciphers. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 533–548. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  27. 27.
    Sarkar, P.: Hiji-bij-bij: A new stream cipher with a self-synchronizing mode of operation. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 36–51. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  28. 28.
    Shamir, A., Kipnis, A.: Cryptanalysis of the HFE public key cryptosystem by relinearization. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 19–30. Springer, Heidelberg (1999)Google Scholar
  29. 29.
    Shamir, A., Patarin, J., Courtois, N., Klimov, A.: Efficient algorithms for solving overdefined systems of multivariate polynomial equations. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 392–407. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  30. 30.
    Siegenthaler, T.: Correlation-immunity of Nonlinear Combining Functions for Cryptographic Applications. IEEE Transactions on Information Theory 30, 776–780 (1984)zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Antoine Joux
    • 1
  • Frédéric Muller
    • 2
  1. 1.DGA and Univ. Versailles St-Quentin 
  2. 2.DCSSI Crypto Lab 

Personalised recommendations