Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers

  • Goutam Paul
  • Shashwat Raizada
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7644)


Side channel attacks are extremely implementation specific. An attack is tailor-made for a specific cipher algorithm implemented in a specific model. A natural question is: what is the effect of a side channel technique on a variant of the cipher algorithm implemented in a similar model? The motivation for such an investigation is to study the feasibility of using a cipher variant as a mode of recovering from a successful side channels attack. As a case study, we consider the HC series of stream ciphers, viz., HC-128 and HC-256. We extend the HC-128 fault attack and the HC-256 cache analysis onto the HC-256 and HC-128 ciphers respectively under similar models. The techniques applied on one variant is not trivially translatable to the other and the issue was left open until the current work. We propose a technique to recover half the state of HC-128 using cache analysis, which can be cascaded with the differential attack towards a full state recovery and hence key recovery. Similarly, we analyze the state leakage of HC-256 under differential fault attack model to achieve partial state recovery.


Cache Analysis Cryptography eSTREAM Fault Attack Side Chanel Cryptanalysis Stream Cipher 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Bernstein, D.: Cache-timing attacks on AES (2005),
  2. 2.
    Boneh, D., Demillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  3. 3.
    eSTREAM: the ECRYPT Stream Cipher Project,
  4. 4.
    Kircanski, A., Youssef, A.M.: Differential Fault Analysis of HC-128. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 261–278. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  5. 5.
    LAN/MAN Standard Committee. ANSI/IEEE standard 802.11b: Wireless LAN Medium Access Control (MAC) and Physical Layer (phy) Specifications (1999)Google Scholar
  6. 6.
    LAN/MAN Standard Committee. ANSI/IEEE standard 802.11i: Amendment 6: Wireless LAN Medium Access Control (MAC) and Physical Layer (phy) Specifications, Draft 3 (2003)Google Scholar
  7. 7.
    LAN/MAN Standard Committee. ANSI/IEEE standard 802.11i: Amendment 6: Wireless LAN Medium Access Control (MAC) and Physical Layer (phy) Specifications (2004)Google Scholar
  8. 8.
    Liu, Y., Qin, T.: The key and IV setup of the stream ciphers HC-256 and HC-128. In: International Conference on Networks Security, Wireless Communications and Trusted Computing, Wuhan, Hubei China, April 25-26, pp. 430–433 (2009)Google Scholar
  9. 9.
    Maitra, S., Paul, G., Raizada, S., Sen, S., Sengupta, R.: Some observations on HC-128. In: Designs, Codes and Cryptography, vol. 59(1-3), pp. 231–245 (2011)Google Scholar
  10. 10.
    Osvik, D.A., Shamir, A., Tromer, E.: Cache Attacks and Countermeasures: The Case of AES. In: Pointcheval, D. (ed.) CT-RSA 2006. LNCS, vol. 3860, pp. 1–20. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Paul, G., Maitra, S., Raizada, S.: A Theoretical Analysis of the Structure of HC-128. In: Iwata, T., Nishigaki, M. (eds.) IWSEC 2011. LNCS, vol. 7038, pp. 161–177. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  12. 12.
    Sekar, G., Preneel, B.: Improved Distinguishing Attacks on HC-256. In: Takagi, T., Mambo, M. (eds.) IWSEC 2009. LNCS, vol. 5824, pp. 38–52. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Stankovski, P., Ruj, S., Hell, M., Johansson, T.: Improved distinguishers for HC-128. In: Designs, Codes and Cryptography, vol. 63(2), pp. 225–240 (2012)Google Scholar
  14. 14.
    Skorobogatov, S.P., Anderson, R.J.: Optical Fault Induction Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  15. 15.
    Skorobogatov, S.P.: Semi-invasive attacks - A new approach to hardware security analysis. Technical Report No. UCAM-CL-TR-630, University of Cambridge, Computer Laborator (April 2005),
  16. 16.
    Wu, H.: The Stream Cipher HC-128 (2004),
  17. 17.
    Wu, H.: A New Stream Cipher HC-256. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 226–244. Springer, Heidelberg (2004), Scholar
  18. 18.
    Zenner, E.: A Cache Timing Analysis of HC-256. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 199–213. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Zenner, E.: Cache Timing Analysis of eStream Finalists. Dagstuhl Seminar Proceedings 09031, Symmetric Cryptography (March 9, 2009),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Goutam Paul
    • 1
  • Shashwat Raizada
    • 2
  1. 1.Department of Computer Science and EngineeringJadavpur UniversityKolkataIndia
  2. 2.Applied Statistics UnitIndian Statistical InstituteKolkataIndia

Personalised recommendations