Resynchronization Attacks on WG and LEX

  • Hongjun Wu
  • Bart Preneel
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4047)


WG and LEX are two stream ciphers submitted to eStream – the ECRYPT stream cipher project. In this paper, we point out security flaws in the resynchronization of these two ciphers. The resynchronization of WG is vulnerable to a differential attack. For WG with 80-bit key and 80-bit IV, 48 bits of the secret key can be recovered with about 231.3 chosen IVs . For each chosen IV, only the first four keystream bits are needed in the attack. The resynchronization of LEX is vulnerable to a slide attack. If a key is used with about 260.8 random IVs, and 20,000 keystream bytes are generated from each IV, then the key of the strong version of LEX could be recovered easily with a slide attack. The resynchronization attack on WG and LEX shows that block cipher related attacks are powerful in analyzing non-linear resynchronization mechanisms.


cryptanalysis stream cipher resynchronization attack differential attack slide attack WG LEX 


  1. 1.
    Armknecht, F., Lano, J., Preneel, B.: Extending the Resynchronization Attack. In: Handschuh, H., Hasan, M.A. (eds.) SAC 2004. LNCS, vol. 3357, pp. 19–38. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. 2.
    Biham, E., Shamir, A.: Differential Cryptanalysis of DES-like Cryptosystems. In: Menezes, A., Vanstone, S.A. (eds.) CRYPTO 1990. LNCS, vol. 537, pp. 2–21. Springer, Heidelberg (1991)Google Scholar
  3. 3.
    Biryukov, A., Wagner, D.: Slide attacks. In: Knudsen, L.R. (ed.) FSE 1999. LNCS, vol. 1636, pp. 245–259. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Biryukov, A.: A New 128-bit Key Stream Cipher LEX. ECRYPT Stream Cipher Project Report 2005/013 (2005), Available at,
  5. 5.
    Daemen, J., Govaerts, R., Vandewalle, J.: Resynchronization weakness in synchronous stream ciphers. In: Helleseth, T. (ed.) EUROCRYPT 1993. LNCS, vol. 765, pp. 159–167. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    ECRYPT Stream Cipher Project,
  7. 7.
    Golić, J.D., Morgari, G.: On the resynchronization attack. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 100–110. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Gong, G., Youssef, A.: Cryptographic Properties of the Welch-Gong Transformation Sequence Generators. IEEE Transactions on Information Theory 48(11), 2837–2846 (2002)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    National Institute of Standards and Technology, DES Modes of Operation, Federal Information Processing Standards Publication (FIPS) 81, Available at,
  10. 10.
    National Institute of Standards and Technology, Advanced Encryption Standard (AES), Federal Information Processing Standards Publication (FIPS) 197, Available at,
  11. 11.
    Nawaz, Y., Gong, G.: The WG Stream Cipher. ECRYPT Stream Cipher Project Report 2005/033 (2005), Available at,
  12. 12.
    Nawaz, Y., Gong, G.: Preventing Chosen IV Attack on WG Cipher by Increasing the Length of Key/IV Setup. ECRYPT Stream Cipher Project Report 2005/047 (2005), Available at,

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Hongjun Wu
    • 1
  • Bart Preneel
    • 1
  1. 1.Katholieke Universiteit Leuven, ESAT/SCD-COSICLeuven-HeverleeBelgium

Personalised recommendations