Phelix is a high-speed stream cipher with a built-in single-pass message authentication code (MAC) functionality, submitted in 2004 to the eSTREAM contest by Doug Whiting, Bruce Schneier, Stefan Lucks, and Frédéric Muller.
FPGA Hardware performance figures published in the paper "Review of stream cipher candidates from a low resource hardware perspective"[citation needed] are as follows: Phelix is a slightly modified form of an earlier cipher, Helix, published in 2003 by Niels Ferguson, Doug Whiting, Bruce Schneier, John Kelsey, Stefan Lucks, and Tadayoshi Kohno; Phelix adds 128 bits to the internal state.
Souradyuti Paul and Bart Preneel later showed that the number of adaptive chosen-plaintext words of Muller's attack can be reduced by a factor of 3 in the worst case (a factor of 46.5 in the best case) using their optimal algorithms to solve differential equations of addition.
Phelix was not advanced[2] to Phase 3, largely because of Wu and Preneel's key-recovery attack[3] noted below that becomes possible when the prohibition against reusing a nonce is violated.
The authors of the differential attack express concern that each plaintext word affects the keystream without passing through (what they consider to be) sufficient confusion and diffusion layers.