Cryptanalysis of Helix and Phelix Revisited

Shi, Zhenqing; Zhang, Bin; Feng, Dengguo

doi:10.1007/978-3-642-39059-3_3

Zhenqing Shi¹⁷,
Bin Zhang¹⁸ &
Dengguo Feng¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7959))

Included in the following conference series:

Australasian Conference on Information Security and Privacy

1696 Accesses
1 Citations

Abstract

Helix, designed by Ferguson et al., is a high-speed asynchronous stream cipher with a built-in MAC functionality. At FSE 2004, Muller presented two attacks on Helix. Motivated by these attacks, Phelix was proposed and selected as a Phase 2 focus cipher for both Profile 1 and Profile 2 by the eSTREAM project, but was not advanced to Phase 3 mainly due to a key recovery attack by Wu and Preneel when the prohibition against reusing a nonce is violated.

In this paper, we study the security of Helix and Phelix in the more realistic chosen nonce model. We first point out a flaw in Muller’s second attack, which results in the failure of his attack. Then we propose our distinguishing attack on Helix with a data complexity of 2¹³², faster than exhaustive search when the key length is larger than 132 bits. Furthermore, when the maximal length of output keystream is extended, the data complexity can be reduced to 2¹²⁷ and we also can construct a key recovery attack with a data complexity of 2¹⁶³. Since this flaw is overlooked by the designers of Phelix, we can extend the distinguishing attack to Phelix with the same complexity, which shows that Phelix fails to strengthen Helix against internal state collision attacks. Our results provide new insights on the design of such dedicated ciphers with built-in authentication.

This work was supported by the National Grand Fundamental Research 973 Program of China(Grant No. 2013CB338002), the Strategic Priority Research Program of the Chinese Academy of Sciences (Grant No. XDA06010701), IIE’s Research Project on Cryptography (Grant No. Y3Z0016102) and the programs of the National Natural Science Foundation of China (Grant No. 60833008, 60603018, 61173134, 91118006, 61272476).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Ferguson, N., Whiting, D., Schneier, B., Kelsey, J., Lucks, S., Kohno, T.: Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 330–346. Springer, Heidelberg (2003)
Chapter Google Scholar
Whiting, D., Schneier, B., Lucks, S., Muller, F.: Phelix: Fast Encryption and Authentication in a Single Cryptographic Primitive. Technical Report 2005/027. In eSTREAM, ECRYPT Stream Cipher Project (2005)
Google Scholar
Bernstein, D.J.: Salsa20. Technical Report 2005/025. In eSTREAM, ECRYPT Stream Cipher Project (2005)
Google Scholar
Muller, F.: Differential Attacks against the Helix Stream Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 94–108. Springer, Heidelberg (2004)
Chapter Google Scholar
Paul, S., Preneel, B.: Near Optimal Algorithms for Solving Differential Equations of Addition with Batch Queries. In: Maitra, S., Veni Madhavan, C.E., Venkatesan, R. (eds.) INDOCRYPT 2005. LNCS, vol. 3797, pp. 90–103. Springer, Heidelberg (2005)
Chapter Google Scholar
Paul, S., Preneel, B.: Solving Systems of Differential Equations of Addition. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 75–88. Springer, Heidelberg (2005)
Chapter Google Scholar
Wu, H., Preneel, B.: Differential-Linear Attacks Against the Stream Cipher Phelix. In: Biryukov, A. (ed.) FSE 2007. LNCS, vol. 4593, pp. 87–100. Springer, Heidelberg (2007)
Chapter Google Scholar
Phorum eStream. Key recovery attacks on Phelix (2006), http://www.ecrypt.eu.org/stream/phorum/read.php?1,883,921
eSTREAM. ECRYPT stream cipher project, http://www.ecrypt.eu.org/stream/portfolio.pdf
DIAC. Directions in Authenticated Ciphers, http://hyperelliptic.org/DIAC/

Download references

Author information

Authors and Affiliations

Institute of Software, Chinese Academy of Sciences, Beijing, 100190, China
Zhenqing Shi & Dengguo Feng
State Key Laboratory of Information Security, Institute of Information Engineering, Chinese Academy of Sciences, Beijing, 100195, China
Bin Zhang

Authors

Zhenqing Shi
View author publications
You can also search for this author in PubMed Google Scholar
Bin Zhang
View author publications
You can also search for this author in PubMed Google Scholar
Dengguo Feng
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Queensland University of Technology, 2434, 4001, Brisbane, QLD, Australia
Colin Boyd & Leonie Simpson &

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Shi, Z., Zhang, B., Feng, D. (2013). Cryptanalysis of Helix and Phelix Revisited. In: Boyd, C., Simpson, L. (eds) Information Security and Privacy. ACISP 2013. Lecture Notes in Computer Science, vol 7959. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39059-3_3

Download citation

DOI: https://doi.org/10.1007/978-3-642-39059-3_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39058-6
Online ISBN: 978-3-642-39059-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics