Cryptography Reference
In-Depth Information
Chapter 10
Stream Cipher HC-128
HC-128 [187] can be considered as the next level of evolution in the design
of RC4-like software stream ciphers. While the design philosophy of RC4 is
simplicity, lots of complicated operations and functions are used in HC-128
to increase the security. After several rounds of evaluations by eminent cryp-
tologists throughout the world for several years, HC-128 made its way into
the final eSTREAM [42] Portfolio (revision 1 in September 2008) in the soft-
ware category. Some cryptanalytic results have been discovered very recently,
but they do not pose any immediate threat to the use of the cipher. In this
chapter, we give a description of HC-128 along with exposition of the known
results.
10.1 Description of HC-128
Apart from standard notations, HC-128 uses the symbol ⊟ to denote sub-
traction modulo 512. Each word (or array element) is of 32 bits. Two tables P
and Q containing 512 words are used as internal states of HC-128. A 128-bit
secret key K[0,...,3] and a 128-bit initialization vector IV [0,...,3] are used
for key scheduling. The key and IV are expanded into an array W of 1280
words. Let the keystream word generated at the t-th step be denoted by s
t
,
t = 0,1,2,....
HC-128 uses the following six functions.
f
1
(x)
=
(x 7)⊕(x 18)⊕(x ≫ 3),
f
2
(x)
=
(x 17)⊕(x 19)⊕(x ≫ 10),
g
1
(x,y,z)
=
(x 10)⊕(z 23)
+ (y 8),
g
2
(x,y,z)
=
(x 10)⊕(z 23)
+ (y 8),
= Q[x
(0)
] + Q[256 + x
(2)
],
h
1
(x)
= P[x
(0)
] + P[256 + x
(2)
],
h
2
(x)
where x
(0)
,x
(1)
,x
(2)
and x
(3)
are the four bytes of a 32-bit word x =
x
(3)
x
(2)
x
(1)
x
(0)
, the order from the least to the most significant byte order
being from right to left.