Differential Fault Analysis of HC-128

  • Aleksandar Kircanski
  • Amr M. Youssef
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6055)


HC-128 is a high speed stream cipher with a 128-bit secret key and a 128-bit initialization vector. It has passed all the three stages of the ECRYPT stream cipher project and is a member of the eSTREAM software portfolio. In this paper, we present a differential fault analysis attack on HC-128. The fault model in which we analyze the cipher is the one in which the attacker is able to fault a random word of the inner state of the cipher but cannot control its exact location nor its new faulted value. To perform the attack, we exploit the fact that some of the inner state words in HC-128 may be utilized several times without being updated. Our attack requires about 7968 faults and recovers the complete internal state of HC-128 by solving a set of 32 systems of linear equations over Z 2 in 1024 variables.


Stream Cipher Fault Injection State Word Fault Analysis Side Channel Attack 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)Google Scholar
  2. 2.
    Boneh, D., Demillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)Google Scholar
  3. 3.
    Dusart, P., Letourneux, G., Vivolo, O.: Differential fault analysis on AES. In: Zhou, J., Yung, M., Han, Y. (eds.) ACNS 2003. LNCS, vol. 2846, pp. 293–306. Springer, Heidelberg (2003)Google Scholar
  4. 4.
    Hoch, J., Shamir, A.: Fault Analysis of Stream Ciphers. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 240–253. Springer, Heidelberg (2004)Google Scholar
  5. 5.
    Kircanski, A., Youssef, M.A.: Differential Fault Analysis of Rabbit. In: Rijmen, V. (ed.) SAC 2009. LNCS, vol. 5867, pp. 197–214. Springer, Heidelberg (2009)Google Scholar
  6. 6.
    Maitra, S., Paul, G., Raizada, S.: Some observations on HC-128. In: Proceedings of the International Workshop on Coding and Cryptography, WCC, Ullensvang, Norway, May 10-15, pp. 527–539 (2009)Google Scholar
  7. 7.
    Mitzenmacher, M., Upfal, E.: Probability and Computing. Cambridge University Press, Cambridge, ISBN-10: 0521835402 Google Scholar
  8. 8.
    Staffelbach, O., Meier, W.: Cryptographic Significance of the Carry for Ciphers Based on Integer Addition. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 601–613. Springer, Heidelberg (1991)Google Scholar
  9. 9.
    Wu, H.: The Stream Cipher HC-128. In: Robshaw, M.J.B., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 39–47. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Wu, H.: A new stream cipher HC-256. In: Roy, K.B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 226–244. Springer, Heidelberg (2004)Google Scholar
  11. 11.
    Zenner, E.: A Cache Timing Analysis of HC-256. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 199–213. Springer, Heidelberg (2009)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Aleksandar Kircanski
    • 1
  • Amr M. Youssef
    • 1
  1. 1.Concordia Institute for Information Systems EngineeringConcordia UniversityMontreal, QuebecCanada

Personalised recommendations