中国科学院软件研究所机构知识库
Advanced  
ISCAS OpenIR  > 软件所图书馆  > 会议论文
Title:
Cryptanalysis of Helix and Phelix revisited
Author: Shi, Zhenqing (1) ; Zhang, Bin (2) ; Feng, Dengguo (1)
Conference Name: 18th Australasian Conference on Information Security and Privacy, ACISP 2013
Conference Date: July 1, 2013 - July 3, 2013
Issued Date: 2013
Conference Place: Brisbane, QLD, Australia
Publish Place: Springer Verlag, Tiergartenstrasse 17, Heidelberg, D-69121, Germany
Indexed Type: EI
ISSN: 3029743
ISBN: 9783642390586
Department: (1) Institute of Software, Chinese Academy of Sciences, Beijing, 100190, China; (2) State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100195, China
Abstract: Helix, designed by Ferguson et al., is a high-speed asynchronous stream cipher with a built-in MAC functionality. At FSE 2004, Muller presented two attacks on Helix. Motivated by these attacks, Phelix was proposed and selected as a Phase 2 focus cipher for both Profile 1 and Profile 2 by the eSTREAM project, but was not advanced to Phase 3 mainly due to a key recovery attack by Wu and Preneel when the prohibition against reusing a nonce is violated. In this paper, we study the security of Helix and Phelix in the more realistic chosen nonce model. We first point out a flaw in Muller's second attack, which results in the failure of his attack. Then we propose our distinguishing attack on Helix with a data complexity of 2132, faster than exhaustive search when the key length is larger than 132 bits. Furthermore, when the maximal length of output keystream is extended, the data complexity can be reduced to 2 127 and we also can construct a key recovery attack with a data complexity of 2163. Since this flaw is overlooked by the designers of Phelix, we can extend the distinguishing attack to Phelix with the same complexity, which shows that Phelix fails to strengthen Helix against internal state collision attacks. Our results provide new insights on the design of such dedicated ciphers with built-in authentication. © 2013 Springer-Verlag.
English Abstract: Helix, designed by Ferguson et al., is a high-speed asynchronous stream cipher with a built-in MAC functionality. At FSE 2004, Muller presented two attacks on Helix. Motivated by these attacks, Phelix was proposed and selected as a Phase 2 focus cipher for both Profile 1 and Profile 2 by the eSTREAM project, but was not advanced to Phase 3 mainly due to a key recovery attack by Wu and Preneel when the prohibition against reusing a nonce is violated. In this paper, we study the security of Helix and Phelix in the more realistic chosen nonce model. We first point out a flaw in Muller's second attack, which results in the failure of his attack. Then we propose our distinguishing attack on Helix with a data complexity of 2132, faster than exhaustive search when the key length is larger than 132 bits. Furthermore, when the maximal length of output keystream is extended, the data complexity can be reduced to 2 127 and we also can construct a key recovery attack with a data complexity of 2163. Since this flaw is overlooked by the designers of Phelix, we can extend the distinguishing attack to Phelix with the same complexity, which shows that Phelix fails to strengthen Helix against internal state collision attacks. Our results provide new insights on the design of such dedicated ciphers with built-in authentication. © 2013 Springer-Verlag.
Language: 英语
Content Type: 会议论文
URI: http://ir.iscas.ac.cn/handle/311060/16668
Appears in Collections:软件所图书馆_会议论文

Files in This Item:

There are no files associated with this item.


Recommended Citation:
Shi, Zhenqing ,Zhang, Bin ,Feng, Dengguo . Cryptanalysis of Helix and Phelix revisited[C]. 见:18th Australasian Conference on Information Security and Privacy, ACISP 2013. Brisbane, QLD, Australia. July 1, 2013 - July 3, 2013.
Service
Recommend this item
Sava as my favorate item
Show this item's statistics
Export Endnote File
Google Scholar
Similar articles in Google Scholar
[Shi, Zhenqing (1)]'s Articles
[Zhang, Bin (2)]'s Articles
[Feng, Dengguo (1)]'s Articles
CSDL cross search
Similar articles in CSDL Cross Search
[Shi, Zhenqing (1)]‘s Articles
[Zhang, Bin (2)]‘s Articles
[Feng, Dengguo (1)]‘s Articles
Related Copyright Policies
Null
Social Bookmarking
Add to CiteULike Add to Connotea Add to Del.icio.us Add to Digg Add to Reddit
所有评论 (0)
暂无评论
 
评注功能仅针对注册用户开放,请您登录
您对该条目有什么异议,请填写以下表单,管理员会尽快联系您。
内 容:
Email:  *
单位:
验证码:   刷新
您在IR的使用过程中有什么好的想法或者建议可以反馈给我们。
标 题:
 *
内 容:
Email:  *
验证码:   刷新

Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.

 

 

Valid XHTML 1.0!
Copyright © 2007-2021  中国科学院软件研究所 - Feedback
Powered by CSpace