Advanced

Improved distinguishers for HC-128

Stankovski, Paul LU ; Ruj, Sushmita; Hell, Martin LU and Johansson, Thomas LU (2012) In Designs, Codes and Cryptography 63(2). p.225-240
Abstract
HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu’s original attack is underestimated by a factor of almost 2^8. Our revised analysis shows that the keystream complexity of Wu’s original attack is 2^160.471 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires 2^143.537 such... (More)
HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu’s original attack is underestimated by a factor of almost 2^8. Our revised analysis shows that the keystream complexity of Wu’s original attack is 2^160.471 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires 2^143.537 such constructed block samples (2^152.537 32-bit keystream blocks). For fairness, the same metric is used to compare our attack to Wu’s, and our improvement is significant compared to Wu’s original result. Furthermore, the vector-based methodology used is general and can be applied to any cryptographic primitive that reveals a suitable probability distribution. (Less)
Please use this url to cite or link to this publication:
author
organization
publishing date
type
Contribution to journal
publication status
published
subject
keywords
Stream cipher HC-128 Cryptanalysis Distinguisher
in
Designs, Codes and Cryptography
volume
63
issue
2
pages
225 - 240
publisher
Springer
external identifiers
  • wos:000300847300007
  • scopus:84868369443
ISSN
1573-7586
DOI
10.1007/s10623-011-9550-9
language
English
LU publication?
yes
id
d2c3a077-edaa-4cde-80e2-dafca9ec4ae9 (old id 2094631)
date added to LUP
2011-08-25 09:30:26
date last changed
2017-04-09 03:02:13
@article{d2c3a077-edaa-4cde-80e2-dafca9ec4ae9,
  abstract     = {HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu’s original attack is underestimated by a factor of almost 2^8. Our revised analysis shows that the keystream complexity of Wu’s original attack is 2^160.471 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires 2^143.537 such constructed block samples (2^152.537 32-bit keystream blocks). For fairness, the same metric is used to compare our attack to Wu’s, and our improvement is significant compared to Wu’s original result. Furthermore, the vector-based methodology used is general and can be applied to any cryptographic primitive that reveals a suitable probability distribution.},
  author       = {Stankovski, Paul and Ruj, Sushmita and Hell, Martin and Johansson, Thomas},
  issn         = {1573-7586},
  keyword      = {Stream cipher HC-128 Cryptanalysis Distinguisher},
  language     = {eng},
  number       = {2},
  pages        = {225--240},
  publisher    = {Springer},
  series       = {Designs, Codes and Cryptography},
  title        = {Improved distinguishers for HC-128},
  url          = {http://dx.doi.org/10.1007/s10623-011-9550-9},
  volume       = {63},
  year         = {2012},
}