Analysis of Xorrotation with Application to an HC-128 Variant
Many cryptographic primitives rely on word rotations (R) and xor (X) to provide proper mixing. We give RX-system mixing a very general treatment and deduce some theoretical results on related probability distributions. Pure RX-systems are easy to break, so we show how to apply our theory to a more complex system that uses RX operations in combination with S-boxes. We construct an impractical (keystream complexity 290.9), but new and non-trivial distinguisher for a variant of HC-128 for which modular addition is replaced with xor.
KeywordsRX probability distribution stream cipher HC-128 cryptanalysis distinguisher
Unable to display preview. Download preview PDF.
- 1.Cover, T., Thomas, J.A.: Elements of Information Theory. Wiley series in Telecommunication. Wiley (1991)Google Scholar
- 2.Dunkelman, O.: Phorum5: ECRYPT forum, post ’A small observation on HC-128’, http://www.ecrypt.eu.org/stream/phorum/read.php?1,1143 (last accessed on January 14, 2011)
- 5.Liu, Y., Qin, T.: The key and IV setup of the stream ciphers HC-256 and HC-128. In: International Conference on Networks Security, Wireless Communications and Trusted Computing, pp. 430–433 (2009)Google Scholar
- 6.Maitra, S., Paul, G., Raizada, S., Sen, S., Sengupta, R.: Some observations on HC-128. In: Designs, Codes and Cryptography, pp. 1–15 (2010)Google Scholar
- 7.Paul, G., Maitra, S., Raizada, S.: A Combinatorial Analysis of HC-128. Cryptology ePrint Archive: Report 2010/387Google Scholar
- 10.Stankovski, P., Ruj, S., Hell, M., Johansson, T.: Improved Distinguishers for HC-128. In: Designs, Codes and Cryptography, pp. 1–16, http://dx.doi.org/10.1007/s10623-011-9550-9
- 11.Thomsen, S.S.: Cryptographic hash functions. PhD thesis, Technical University of Denmark (November 2008)Google Scholar