HC-256

Last updated

HC-256 is a stream cipher designed to provide bulk encryption in software at high speeds while permitting strong confidence in its security. [1] A 128-bit variant was submitted as an eSTREAM cipher candidate and has been selected as one of the four final contestants in the software profile. [2] [3]

Stream cipher symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream

A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as state cipher. In practice, a digit is typically a bit and the combining operation is an exclusive-or (XOR).

Software Non-tangible executable component of a computer

Computer software, or simply software, is a collection of data or computer instructions that tell the computer how to work. This is in contrast to physical hardware, from which the system is built and actually performs the work. In computer science and software engineering, computer software is all information processed by computer systems, programs and data. Computer software includes computer programs, libraries and related non-executable data, such as online documentation or digital media. Computer hardware and software require each other and neither can be realistically used on its own.

eSTREAM is a project to "identify new stream ciphers suitable for widespread adoption", organised by the EU ECRYPT network. It was set up as a result of the failure of all six stream ciphers submitted to the NESSIE project. The call for primitives was first issued in November 2004. The project was completed in April 2008. The project was divided into separate phases and the project goal was to find algorithms suitable for different application profiles.

Contents

The algorithm is designed by Hongjun Wu, and was first published in 2004. It is not patented.

Function

HC-256 has a 256 bit key and an initialization vector (nonce) of 256 bits. [1]

In cryptography, an initialization vector (IV) or starting variable (SV) is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom. Randomization is crucial for encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by the modes of operation. Randomization is also required for other primitives, such as universal hash functions and message authentication codes based thereon.

Internally, it consists of two secret tables (P and Q). Each table contains 1024 32-bit words. For each state update one 32-bit word in each table is updated using a non-linear update function. After 2048 steps all elements of the tables have been updated.

It generates one 32-bit word for each update step using a 32-bit to 32-bit mapping function similar to the output function of the Blowfish cipher. Finally a linear bit-masking function is applied to generate an output word. It uses the two message schedule functions in the hash function SHA-256 internally, but with the tables P and Q as S-boxes.

Blowfish is a symmetric-key block cipher, designed in 1993 by Bruce Schneier and included in many cipher suites and encryption products. Blowfish provides a good encryption rate in software and no effective cryptanalysis of it has been found to date. However, the Advanced Encryption Standard (AES) now receives more attention, and Schneier recommends Twofish for modern applications.

Hash function type of function that can be used to map data of arbitrary size to data of fixed size

A hash function is any function that can be used to map data of arbitrary size to fixed-size values. The values returned by a hash function are called hash values, hash codes, digests, or simply hashes. The values are used to index a fixed-size table called a hash table. Use of a hash function to index a hash table is called hashing or scatter storage addressing.

In cryptography, an S-box (substitution-box) is a basic component of symmetric key algorithms which performs substitution. In block ciphers, they are typically used to obscure the relationship between the key and the ciphertext — Shannon's property of confusion.

HC-128 is similar in function, and reduces each of key length, nonce, number of words in the tables P and Q, and number of table updating steps by half. [2]

Performance

The performance of HC-256 is estimated by its author to be about 4 cycles per byte on a Pentium 4 processor. However the initialization phase of the cipher includes expanding the 256-bit key into the tables P, Q and then running the cipher for 4096 steps. The author of HC-256 estimates this process to take around 74,000 cycles.

Pentium 4 is a brand by Intel for an entire series of single-core CPUs for desktops, laptops and entry-level servers. The processors were shipped from November 20, 2000, until August 8, 2008.

For HC-128 an encryption speed of about 3 cycles per byte on a Pentium M processor are cited.

The Pentium M is a family of mobile 32-bit single-core x86 microprocessors introduced in March 2003 and forming a part of the Intel Carmel notebook platform under the then new Centrino brand. The Pentium M processors had a maximum thermal design power (TDP) of 5–27 W depending on the model, and were intended for use in laptops. They evolved from the core of the last Pentium III–branded CPU by adding the front-side bus (FSB) interface of Pentium 4, an improved instruction decoding and issuing front end, improved branch prediction, SSE2 support, and a much larger cache. The first Pentium M–branded CPU, code-named Banias, was followed by Dothan. The Pentium M-branded processors were succeeded by the Core-branded dual-core mobile Yonah CPU with a modified microarchitecture.

The implementation of HC-128 on various computing structures is studied in detail, with significant performance gains compared to naive SW implementation. [4] [5]

Related Research Articles

Advanced Encryption Standard block cipher standard

The Advanced Encryption Standard (AES), also known by its original name Rijndael, is a specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001.

In cryptography, RC4 is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.

In cryptography, a block cipher mode of operation is an algorithm that uses a block cipher to provide information security such as confidentiality or authenticity. A block cipher by itself is only suitable for the secure cryptographic transformation of one fixed-length group of bits called a block. A mode of operation describes how to repeatedly apply a cipher's single-block operation to securely transform amounts of data larger than a block.

In modern cryptography, symmetric key ciphers are generally divided into stream ciphers and block ciphers. Block ciphers operate on a fixed length string of bits. The length of this bit string is the block size. Both the input (plaintext) and output (ciphertext) are the same length; the output cannot be shorter than the input – this follows logically from the pigeonhole principle and the fact that the cipher must be reversible – and it is undesirable for the output to be longer than the input.

Serpent (cipher) block cipher

Serpent is a symmetric key block cipher that was a finalist in the Advanced Encryption Standard (AES) contest, where it was ranked second to Rijndael. Serpent was designed by Ross Anderson, Eli Biham, and Lars Knudsen.

Cryptographic hash function Special class of hash function that has certain properties which make it suitable for use in cryptography

A cryptographic hash function (CHF) is a hash function that is suitable for use in cryptography. It is a mathematical algorithm that maps data of arbitrary size to a bit string of a fixed size and is a one-way function, that is, a function which is practically infeasible to invert. Ideally, the only way to find a message that produces a given hash is to attempt a brute-force search of possible inputs to see if they produce a match, or use a rainbow table of matched hashes. Cryptographic hash functions are a basic tool of modern cryptography.

Phelix is a high-speed stream cipher with a built-in single-pass message authentication code (MAC) functionality, submitted in 2004 to the eSTREAM contest by Doug Whiting, Bruce Schneier, Stefan Lucks, and Frédéric Muller. The cipher uses only the operations of addition modulo 232, exclusive or, and rotation by a fixed number of bits. Phelix uses a 256-bit key and a 128-bit nonce, claiming a design strength of 128 bits. Concerns have been raised over the ability to recover the secret key if the cipher is used incorrectly.

In cryptography, FROG is a block cipher authored by Georgoudis, Leroux and Chaves. The algorithm can work with any block size between 8 and 128 bytes, and supports key sizes between 5 and 125 bytes. The algorithm consists of 8 rounds and has a very complicated key schedule.

In cryptography, MUGI is a pseudorandom number generator (PRNG) designed for use as a stream cipher. It was among the cryptographic techniques recommended for Japanese government use by CRYPTREC in 2003, however, has been dropped to "candidate" by CRYPTREC revision in 2013.

Poly1305 is a cryptographic message authentication code (MAC) created by Daniel J. Bernstein. It can be used to verify the data integrity and the authenticity of a message. A variant of Bernstein's Poly1305 that does not require AES has been standardized by the Internet Engineering Task Force in RFC 8439.

VEST

VEST ciphers are a set of families of general-purpose hardware-dedicated ciphers that support single pass authenticated encryption and can operate as collision-resistant hash functions designed by Sean O'Neil, Benjamin Gittins and Howard Landman. VEST cannot be implemented efficiently in software.

Salsa20 Wikipedia article covering two stream ciphers developed by Daniel J. Bernstein

Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Because the two ciphers are very similar, this article will occasionally discuss them together. Salsa20, the original cipher, was designed in 2005, then later submitted to eSTREAM by Daniel J. Bernstein. ChaCha is a modification of Salsa20 published by Bernstein in 2008. It uses a new round function that increases diffusion and increases performance on some architectures.

Py is a stream cipher submitted to eSTREAM by Eli Biham and Jennifer Seberry. It is one of the fastest eSTREAM candidates at around 2.6 cycles per byte on some platforms. It has a structure a little like RC4, but adds an array of 260 32-bit words which are indexed using a permutation of bytes, and produces 64 bits in each round.

The Scream cipher is a word-based stream cipher developed by Shai Halevi, Don Coppersmith and Charanjit Jutla from IBM.

The Hasty Pudding Cipher (HPC) is a variable-block-size block cipher designed by Richard Schroeppel, which was an unsuccessful candidate in the competition for selecting the U.S. Advanced Encryption Standard (AES). It has a number of unusual properties for a block cipher: its input block size and key length are variable, and it includes an additional input parameter called the "spice" for use as a secondary, non-secret key. The Hasty Pudding cipher was the only AES candidate designed exclusively by U.S. cryptographers.

In cryptography, a T-function is a bijective mapping that updates every bit of the state in a way that can be described as , or in simple words an update function in which each bit of the state is updated by a linear combination of the same bit and a function of a subset of its less significant bits. If every single less significant bit is included in the update of every bit in the state, such a T-function is called triangular. Thanks to their bijectivity regardless of the used Boolean functions and regardless of the selection of inputs, T-functions are now widely used in cryptography to construct block ciphers, stream ciphers, PRNGs and hash functions. T-functions were first proposed in 2002 by A. Klimov and A. Shamir in their paper "A New Class of Invertible Mappings". Ciphers such as TSC-1, TSC-3, TSC-4, ABC, Mir-1 and VEST are built with different types of T-functions.

JH is a cryptographic hash function submitted to the NIST hash function competition by Hongjun Wu. Though chosen as one of the five finalists of the competition, JH ultimately lost to NIST hash candidate Keccak. JH has a 1024-bit state, and works on 512-bit input blocks. Processing an input block consists of three steps:

  1. XOR the input block into the left half of the state.
  2. Apply a 42-round unkeyed permutation (encryption function) to the state. This consists of 42 repetitions of:
    1. Break the input into 256 4-bit blocks, and map each through one of two 4-bit S-boxes, the choice being made by a 256-bit round-dependent key schedule. Equivalently, combine each input block with a key bit, and map the result through a 5→4 bit S-box.
    2. Mix adjacent 4-bit blocks using a maximum distance separable code over GF(24).
    3. Permute 4-bit blocks so that they will be adjacent to different blocks in following rounds.
  3. XOR the input block into the right half of the state.
Speck (cipher)

Speck is a family of lightweight block ciphers publicly released by the National Security Agency (NSA) in June 2013. Speck has been optimized for performance in software implementations, while its sister algorithm, Simon, has been optimized for hardware implementations. Speck is an add–rotate–xor (ARX) cipher.

References

  1. 1 2 Wu, Hongjun (2004). "A New Stream Cipher HC-256" (PDF). Fast Software Encryption – FSE 2004, LNCS 3017: 226–244.
  2. 1 2 Wu, Hongjun (2004). "The Stream Cipher HC-128" (PDF).Cite journal requires |journal= (help)
  3. "The eSTREAM Project".
  4. Chattopadhyay, Anupam; Khalid, Ayesha; Maitra, Subhamoy; Raizada, Shashwat (2012). "Designing high-throughput hardware accelerator for stream cipher HC-128". 2012 IEEE International Symposium on Circuits and Systems. pp. 1448–1451. doi:10.1109/ISCAS.2012.6271518. ISBN   978-1-4673-0219-7.
  5. Khalid, Ayesha; Bagchi, Deblin; Paul, Goutam; Chattopadhyay, Anupam (2013). "Optimized GPU Implementation and Performance Analysis of HC Series of Stream Ciphers". Information Security and Cryptology – ICISC 2012. Lecture Notes in Computer Science. 7839. pp. 293–308. doi:10.1007/978-3-642-37682-5_21. ISBN   978-3-642-37681-8.


This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.