Paper 2008/499

Some Observations on HC-128

Subhamoy Maitra, Goutam Paul, and Shashwat Raizada

Abstract

In this paper, we use linear approximations of the addition modulo 2n of three n-bit integers to identify linear approximations of g1,g2, the feedback functions of HC-128. This, in turn, shows that the process of keystream output generation of HC-128 can be well approximated by linear functions. In this direction, we show that the ``least significant bit" based distinguisher (presented by the designer himself) of HC-128 works for the complete 32-bit word. In a different note, in the line of Dunkelman's observation, we also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions h1,h2 and present improved results.

Note: Publication information added

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. WCC 2009 (extended version in DCC 2011)
Keywords
BiasCryptographyDistinguishing AttackeStreamKeystreamLinear ApproximationStream Cipher.
Contact author(s)
subho @ isical ac in
History
2011-11-16: last of 2 revisions
2008-12-02: received
See all versions
Short URL
https://ia.cr/2008/499
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2008/499,
      author = {Subhamoy Maitra and Goutam Paul and Shashwat Raizada},
      title = {Some Observations on {HC}-128},
      howpublished = {Cryptology {ePrint} Archive, Paper 2008/499},
      year = {2008},
      url = {https://eprint.iacr.org/2008/499}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.