Cryptanalysis of WG-8 and WG-16 stream ciphers


In 2008, the WG family of stream ciphers was designed by Navaz and Gong to secure lightweight applications for RFIDs and smart cards. In 2012, a distinguishing attack was discovered against the WG-7 stream cipher by Orumiehchiha, Pieprzyk and Steinfeld. In 2013, Gong, Aagaard and Fan have re-designed the WG cipher family and claimed that the ciphers are secure if the minimal polynomials of the linear feedback shift registers are properly chosen. This work analyses the security of the WG-8, and WG-16 ciphers from the recently published WG family. It shows that the ciphers are subject to distinguishing attacks that allow an adversary to distinguish WG-8 and WG-16 from random ciphers after observing \(2^{49.8}\) and \(2^{63.25}\) bits, respectively. The attacks use a counting algorithm for the number of zeros and ones of Boolean functions. The algorithm allows to find a bias much quicker than a routine truth-table enumeration.

This is a preview of subscription content, log in to check access.

Fig. 1
Fig. 2


  1. 1.

    Ding, L., Jin, C., Guan, J., Wang, Q.: Cryptanalysis of lightweight wg-8 stream cipher. IEEE Trans. Inf. Forensics Secur. 9, 645–652 (2014)

    Article  Google Scholar 

  2. 2.

    Fan, X., Gong, G.: Specification of the stream cipher wg-16 based confidentiality and integrity algorithms. University of Waterloo, Waterloo, ON, Canada, Tech. Rep. CACR 6, 2013 (2013)

    Google Scholar 

  3. 3.

    Fan, X., Mandal, K., Gong, G.: Wg-8: A lightweight stream cipher for resource-constrained smart devices. In: Singh, K., Awasthi, A. (eds.) Quality, Reliability, Security and Robustness in Heterogeneous Networks, vol. 115 of Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, pp 617–632. Springer, Berlin (2013)

  4. 4.

    Gong, G., Aagaard, M., Fan, X.: Resilience to distinguishing attacks on wg-7 cipher and their generalizations. Cryptogr. Commun. 5, 277–289 (2013)

    MathSciNet  Article  MATH  Google Scholar 

  5. 5.

    Gong, G., Youssef, A.M.: Cryptographic properties of the welch-gong transformation sequence generators. IEEE Trans. Inf. Theory 48, 2837–2846 (2002)

    MathSciNet  Article  MATH  Google Scholar 

  6. 6.

    Luo, Y., Chai, Q., Gong, G., Lai, X.: A lightweight stream cipher wg-7 for rfid encryption and authentication. pp. 1–6 (2010)

  7. 7.

    Mandal, K., Gong, G., Fan, X., Aagaard, M.: Optimal parameters for the WG stream cipher family. Cryptogr. Commun. 6, 117–135 (2014)

    Article  MATH  Google Scholar 

  8. 8.

    Mantin, I., Shamir, A.: A practical attack on broadcast rc4. In: Proc. of FSE’01, Springer, pp 152–164 (2001)

  9. 9.

    Nawaz, Y., Gong, G.: Wg: A family of stream ciphers with designed randomness properties. Inf. Sci. 178, 1903–1916 (2008)

    MathSciNet  Article  MATH  Google Scholar 

  10. 10.

    Orumiehchiha, M.A., Pieprzyk, J., Steinfeld, R.: Cryptanalysis of wg-7: a lightweight stream cipher. Cryptogr. Commun. 4, 277–285 (2012)

    MathSciNet  Article  MATH  Google Scholar 

Download references

Author information



Corresponding author

Correspondence to Saeed Rostami.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Rostami, S., Shakour, E., Orumiehchiha, M.A. et al. Cryptanalysis of WG-8 and WG-16 stream ciphers. Cryptogr. Commun. 11, 351–362 (2019).

Download citation


  • WG-8 stream cipher
  • WG-16 stream cipher
  • Cryptanalysis
  • Distinguishing attack
  • Truth-table enumeration