Date of Submission

1-28-2015

Date of Award

1-28-2016

Institute Name (Publisher)

Indian Statistical Institute

Document Type

Doctoral Thesis

Degree Name

Doctor of Philosophy

Subject Name

Cryptology

Department

Economic Research Unit (ERU-Kolkata)

Supervisor

Maitra, Subhamoy (ERU-Kolkata; ISI)

Abstract (Summary of the Work)

The HC-128 stream cipher is a successful entrant in the eStream candidate list (software profile) and is the lighter variant of HC-256 stream cipher. Apart from the analysis by the designer of the cipher (Hongjun Wu) to conjecture the security of this cipher, there are only a few other observations on this cipher despite being the focus of researchers during the three phases of eStream evaluation and later efforts in the community. Till date none of the security claims in favor of HC-128 by the designer could be broken. One may expect HC-128 stream cipher to be popular in commercial domain in near future, if not already so. This thesis presents a rigorous study in different aspects of this stream cipher covering combinatorial analysis, distinguishers, design modification proposal, side channel analysis on this cipher and finally implementation strategies.We first show that the knowledge of any one of the two internal state arrays of HC-128 along with the knowledge of 2048 keystream words is sufficient to construct the other state array completely in 2 42 time complexity. This analysis reveals a structural insight into the cipher’s internal state along with theoretically establishing some novel combinatorial properties of HC-128 keystream generation algorithm.Next, using linear approximation of the addition modulo 2n of three n-bit integers, we identify linear approximations of g1, g2, the feedback functions of HC-128. Here we show that the process of keystream output generation of HC128 can be well approximated by linear functions wherein the “least significant bit" based distinguisher (presented by the designer of the cipher) of HC-128 can be extended for the other bits of the 32-bit word. Further, using the above linear approximations of g1, g2, we also present several other distinguishers in the line of the distinguisher proposed by the designer of the cipher. We also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions h1, h2 and present improved results.The third major aspect covered in this thesis is on side channel attacks against HC series of stream ciphers. We extend the existing HC-128 fault attack and the HC-256 cache analysis onto the HC-256 and HC-128 ciphers respectively under similar models. The techniques applied on one variant is not trivially translatable to the other and the issue was left open until this work. Here we propose a technique to recover half the state of HC-128 using cache analysis, which can be cascaded with the differential attack towards a full state recovery and hence key recovery. In a similar line, we analyze the state leakage of HC-256 under differential fault attack model to achieve partial state recovery.We finally study several implementation issues for HC-128 in a disciplined manner. HC-128 is primarily designed as a software stream cipher aiming for sequential execution on general purpose processors and so we first carry out implementations in this direction on embedded and customizable processors. Next we consider the ASIC implementation for a co-processor design that will house such ciphers. Further we explore several parallelization strategies for faster execution of the cipher. We present a detailed implementation exercise for the HC-128 stream cipher on special purpose hardware.In summary, though we could not break any security conjecture made by the designer for HC-128, our analysis explores different aspects of the cipher from analysis, design and implementation. Our work has also stimulated further research on this cipher that is evident from the literature.

Comments

ProQuest Collection ID: http://gateway.proquest.com/openurl?url_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:dissertation&res_dat=xri:pqm&rft_dat=xri:pqdiss:28843303

Control Number

ISILib-TH431

Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.

DOI

http://dspace.isical.ac.in:8080/jspui/handle/10263/2146

Download

Included in

Mathematics Commons

Share

COinS