Sciweavers

IWSEC
2009
Springer

Improved Distinguishing Attacks on HC-256

The software-efficient stream cipher HC-256 was proposed by Wu at FSE 2004. Due to its impressive performance, the cipher was also a well-received entrant to the ECRYPT eSTREAM competition. The closely related stream cipher HC-128, also designed by Wu, went on to find a place in the final portfolio of the eSTREAM contest. The cipher HC-256 is word-oriented, with 32 bits in each word, and uses a 256-bit key and a 256-bit IV. Since HC-256 was published in 2004, barring a cache-timing analysis of unprotected implementations, there has not been any attack on the cipher. This paper makes two contributions. First, we build a class of distinguishers on HC-256, each of which requires testing the validity of about 2^276.8 linear equations involving binary keystream variables. Thereby, our attacks improve the data complexity of the hitherto best-known distinguisher (presented by the designer along with the specifications of the cipher) by a factor of about 12. We also present another observatio...
Gautham Sekar, Bart Preneel
Added 27 May 2010
Updated 27 May 2010
Type Conference
Year 2009
Where IWSEC
Authors Gautham Sekar, Bart Preneel