Some observations on HC-128

Authors:
Subhamoy Maitra;Goutam Paul;Shashwat Raizada;Subhabrata Sen;Rudradev Sengupta
Affiliations:
Applied Statistics Unit, Indian Statistical Institute, Kolkata, India 700 108;Department of Computer Science and Engineering, Jadavpur University, Kolkata, India 700 032;Indian Statistical Institute, Kolkata, India 700 108;Indian Statistical Institute, Kolkata, India 700 108;Indian Statistical Institute, Kolkata, India 700 108
Venue:
Designs, Codes and Cryptography
Year:
2011

Citing 4
Cited 5

Cryptographic Significance of the Carry for Ciphers Based on Integer Addition

CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
Attacks on the RC4 stream cipher

Designs, Codes and Cryptography
New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4

Fast Software Encryption
A practical attack on the fixed RC4 in the WEP mode

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security

A theoretical analysis of the structure of HC-128

IWSEC'11 Proceedings of the 6th International conference on Advances in information and computer security
Improved distinguishers for HC-128

Designs, Codes and Cryptography
Analysis of xorrotation with application to an HC-128 variant

ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Impact of extending side channel attack on cipher variants: a case study with the HC series of stream ciphers

SPACE'12 Proceedings of the Second international conference on Security, Privacy, and Applied Cryptography Engineering
Optimized GPU implementation and performance analysis of HC series of stream ciphers

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we study HC-128 in detail from cryptanalytic point of view. First, we use linear approximation of the addition modulo 2 n of three n-bit integers to identify linear approximations of g 1, g 2, the feedback functions of HC-128. This, in turn, shows that the process of keystream output generation of HC-128 can be well approximated by linear functions. In this direction, we show that the "least significant bit" based distinguisher (presented by the designer himself) of HC-128 works for the complete 32-bit word. Using the above linear approximations of g 1, g 2, we present a new distinguisher for HC-128 which is slightly weaker than Wu's distinguisher. Finally, in the line of Dunkelman's observation, we also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions h 1, h 2 and present improved results.