Abstract
WG and LEX are two stream ciphers submitted to eStream – the ECRYPT stream cipher project. In this paper, we point out security flaws in the resynchronization of these two ciphers. The resynchronization of WG is vulnerable to a differential attack. For WG with 80-bit key and 80-bit IV, 48 bits of the secret key can be recovered with about $2^{31.3}$ chosen IVs. For each chosen IV, only the first four keystream bits are needed in the attack. The resynchronization of LEX is vulnerable to a slide attack. If a key is used with about $2^{60.8}$ random IVs, and 20,000 keystream bytes are generated from each IV, then the key of the strong version of LEX could be recovered easily with a slide attack. The resynchronization attack on WG and LEX shows that block cipher related attacks are powerful in analyzing non-linear resynchronization mechanisms.
This work was supported in part by the Concerted Research Action (GOA) Ambiorics 2005/11 of the Flemish Government and in part by the European Commission through the IST Programme under Contract IST-2002-507932 ECRYPT.
© 2006 Springer-Verlag Berlin Heidelberg
Cite this paper
Wu, H., Preneel, B. (2006). Resynchronization Attacks on WG and LEX. In: Robshaw, M. (eds) Fast Software Encryption. FSE 2006. Lecture Notes in Computer Science, vol 4047. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11799313_27
DOI: https://doi.org/10.1007/11799313_27
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-36597-6
Online ISBN: 978-3-540-36598-3
eBook Packages: Computer Science, Computer Science (R0)