Cryptology ePrint Archive: Report 2008/499

Some Observations on HC-128

Subhamoy Maitra and Goutam Paul and Shashwat Raizada

Abstract: In this paper, we use linear approximations of the addition modulo $2^n$ of three $n$-bit integers to identify linear approximations of $g_1, g_2$, the feedback functions of HC-128. This, in turn, shows that the process of keystream output generation of HC-128 can be well approximated by linear functions. In this direction, we show that the ``least significant bit" based distinguisher (presented by the designer himself) of HC-128 works for the complete 32-bit word. In a different note, in the line of Dunkelman's observation, we also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions $h_1, h_2$ and present improved results.

Category / Keywords: Bias, Cryptography, Distinguishing Attack, eStream, Keystream, Linear Approximation, Stream Cipher.

Publication Info: WCC 2009 (extended version in DCC 2011)

Date: received 27 Nov 2008, last revised 16 Nov 2011

Contact author: subho at isical ac in

Available formats: PDF | BibTeX Citation

Note: Publication information added

Version: 20111116:085221 (All versions of this report)

Discussion forum: Show discussion | Start new discussion