Differential Fault Analysis of HC-128

HC-128 is a high speed stream cipher with a 128-bit secret key and a 128-bit initialization vector. It has passed all the three stages of the ECRYPT stream cipher project and is a member of the eSTREAM software portfolio. In this paper, we present a differential fault analysis attack on HC-128. The fault model in which we analyze the cipher is the one in which the attacker is able to fault a random word of the inner state of the cipher but cannot control its exact location nor its new faulted value. To perform the attack, we exploit the fact that some of the inner state words in HC-128 may be utilized several times without being updated. Our attack requires about 7968 faults and recovers the complete internal state of HC-128 by solving a set of 32 systems of linear equations over Z2 in 1024 variables.

[1]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[2]  Walter Fumy,et al.  Advances in Cryptology — EUROCRYPT ’97 , 2001, Lecture Notes in Computer Science.

[3]  Amr M. Youssef,et al.  Differential Fault Analysis of Rabbit , 2009, Selected Areas in Cryptography.

[4]  Erik Zenner,et al.  A Cache Timing Analysis of HC-256 , 2009, Selected Areas in Cryptography.

[5]  Willi Meier,et al.  Cryptographic Significance of the Carry for Ciphers Based on Integer Addition , 1990, CRYPTO.

[6]  Adi Shamir,et al.  Fault Analysis of Stream Ciphers , 2004, CHES.

[7]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[8]  Hongjun Wu,et al.  The Stream Cipher HC-128 , 2008, The eSTREAM Finalists.

[9]  Eli Biham,et al.  Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.

[10]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[11]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[12]  Subhamoy Maitra,et al.  Some observations on HC-128 , 2011, Des. Codes Cryptogr..

[13]  Marc Joye,et al.  Cryptographic Hardware and Embedded Systems - CHES 2004 , 2004, Lecture Notes in Computer Science.

[14]  Matthew J. B. Robshaw,et al.  New Stream Cipher Designs: The eSTREAM Finalists , 2008 .

[15]  Pierre Dusart,et al.  Differential Fault Analysis on A.E.S , 2003, ACNS.

[16]  Hongjun Wu A New Stream Cipher HC-256 , 2004, FSE.