Cryptography and Communications

, Volume 11, Issue 2, pp 351–362 | Cite as

Cryptanalysis of WG-8 and WG-16 stream ciphers

  • Saeed RostamiEmail author
  • Elham Shakour
  • Mohammad Ali Orumiehchiha
  • Josef Pieprzyk


In 2008, the WG family of stream ciphers was designed by Navaz and Gong to secure lightweight applications for RFIDs and smart cards. In 2012, a distinguishing attack was discovered against the WG-7 stream cipher by Orumiehchiha, Pieprzyk and Steinfeld. In 2013, Gong, Aagaard and Fan have re-designed the WG cipher family and claimed that the ciphers are secure if the minimal polynomials of the linear feedback shift registers are properly chosen. This work analyses the security of the WG-8, and WG-16 ciphers from the recently published WG family. It shows that the ciphers are subject to distinguishing attacks that allow an adversary to distinguish WG-8 and WG-16 from random ciphers after observing \(2^{49.8}\) and \(2^{63.25}\) bits, respectively. The attacks use a counting algorithm for the number of zeros and ones of Boolean functions. The algorithm allows to find a bias much quicker than a routine truth-table enumeration.


WG-8 stream cipher WG-16 stream cipher Cryptanalysis Distinguishing attack Truth-table enumeration 


  1. 1.
    Ding, L., Jin, C., Guan, J., Wang, Q.: Cryptanalysis of lightweight wg-8 stream cipher. IEEE Trans. Inf. Forensics Secur. 9, 645–652 (2014)CrossRefGoogle Scholar
  2. 2.
    Fan, X., Gong, G.: Specification of the stream cipher wg-16 based confidentiality and integrity algorithms. University of Waterloo, Waterloo, ON, Canada, Tech. Rep. CACR 6, 2013 (2013)Google Scholar
  3. 3.
    Fan, X., Mandal, K., Gong, G.: Wg-8: A lightweight stream cipher for resource-constrained smart devices. In: Singh, K., Awasthi, A. (eds.) Quality, Reliability, Security and Robustness in Heterogeneous Networks, vol. 115 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pp 617–632. Springer, Berlin (2013)Google Scholar
  4. 4.
    Gong, G., Aagaard, M., Fan, X.: Resilience to distinguishing attacks on wg-7 cipher and their generalizations. Cryptogr. Commun. 5, 277–289 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Gong, G., Youssef, A.M.: Cryptographic properties of the welch-gong transformation sequence generators. IEEE Trans. Inf. Theory 48, 2837–2846 (2002)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Luo, Y., Chai, Q., Gong, G., Lai, X.: A lightweight stream cipher wg-7 for rfid encryption and authentication. pp. 1–6 (2010)Google Scholar
  7. 7.
    Mandal, K., Gong, G., Fan, X., Aagaard, M.: Optimal parameters for the WG stream cipher family. Cryptogr. Commun. 6, 117–135 (2014)CrossRefzbMATHGoogle Scholar
  8. 8.
    Mantin, I., Shamir, A.: A practical attack on broadcast rc4. In: Proc. of FSE’01, Springer, pp 152–164 (2001)Google Scholar
  9. 9.
    Nawaz, Y., Gong, G.: Wg: A family of stream ciphers with designed randomness properties. Inf. Sci. 178, 1903–1916 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Orumiehchiha, M.A., Pieprzyk, J., Steinfeld, R.: Cryptanalysis of wg-7: a lightweight stream cipher. Cryptogr. Commun. 4, 277–285 (2012)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. 1.R & D DepartmentZaeim Electronic Ind.TehranIran
  2. 2.Research Center for Development of Advanced TechnologiesTehranIran
  3. 3.Queensland University of TechnologyBrisbaneAustralia
  4. 4.Institute of Computer SciencePolish Academy of SciencesWarsawPoland

Personalised recommendations