Improved distinguishers for HC-128 |
| |
Authors: | Paul Stankovski Sushmita Ruj Martin Hell Thomas Johansson |
| |
Affiliation: | 1.Department of Electrical and Information Technology,Lund University,Lund,Sweden;2.School of Electrical Engineering and Computer Science,University of Ottawa,Ottawa,Canada |
| |
Abstract: | HC-128 is an eSTREAM final portfolio stream cipher. Several authors have investigated its security and, in particular, distinguishing attacks have been considered. Still, no one has been able to provide a distinguisher stronger than the one presented by Wu in the original HC-128 paper. In this paper we first argue that the keystream requirement in Wu’s original attack is underestimated by a factor of almost 28. Our revised analysis shows that the keystream complexity of Wu’s original attack is 2160.471 32-bit keystream blocks. We then go on to investigate two new types of distinguishers on HC-128. One of them, a distinguisher counting the number of zeros in created blocks of bits, gives a biased distribution that requires 2143.537 such constructed block samples (2152.537 32-bit keystream blocks). For fairness, the same metric is used to compare our attack to Wu’s, and our improvement is significant compared to Wu’s original result. Furthermore, the vector-based methodology used is general and can be applied to any cryptographic primitive that reveals a suitable probability distribution. |
| |
Keywords: | |
本文献已被 SpringerLink 等数据库收录! |
|