SOBER-128 is a synchronous stream cipher designed by Hawkes and Rose (2003) and is a member of the SOBER family of ciphers. SOBER-128 was also designed to provide MAC (Message authentication code) functionality.
Watanabe and Furuya (2004) showed a weakness in the MAC generation of SOBER-128 which means an attack could forge a message with probability 2-6. MAC functionality was deleted by Qualcomm from SOBER-128 reference code.
SOBER-128 takes a key up to 128-bits in length.
- Dai Watanabe and Soichi Furuya, A MAC Forgery Attack on SOBER-128, FSE 2004. pp472–482.
- Philip Hawkes and Greg Rose, Primitive Specification for SOBER-128, IACR ePrint archive, 2003 .