A Combinatorial Analysis of HC-128

We show that the knowledge of any one of the two internal state arrays of HC-128 along with the knowledge of 2048 keystream words is sufficient to construct the other state array completely in $2^{42}$ time complexity. Though our analysis does not lead to any attack on HC-128, it reveals a structural insight into the cipher. In the process, we theoretically establish certain combinatorial properties of HC-128 keystream generation algorithm. We also suggest a modification to HC-128 that takes care of the recently known cryptanalytic results with little reduction in speed

Some Observations on HC-128

Abstract. In this paper, we use linear approximations of the addition modulo 2 n of three n-bit integers to identify linear approximations of g1, g2, the feedback functions of HC-128. This, in turn, shows that the process of keystream output generation of HC-128 can be well approximated by linear functions. In this direction, we show that the “least significant bit ” based distinguisher (presented by the designer himself) of HC-128 works for the complete 32-bit word. In a different note, in the line of Dunkelman’s observation, we also study how HC-128 keystream words leak secret state information of the cipher due to the properties of the functions h1, h2 and present improved results