Chosen IV Attack on Stream Cipher WG

Stream cipher WG [3] is a hardware-oriented cipher. In this paper, we point out that the WG stream cipher is vulnerable to chosen IV attacks. For WG with an 80-bit key and 80-bit IV, 48 bits of the secret key could be recovered with about 2 chosen IVs. For WG with an 80-bit key and 64-bit IV, 29 bits of information about the secret key could be recovered with probability $2^{-5}$ and with about 2 chosen IVs. For each chosen IV, only the first four keystream bits are needed in the attack.

1 Stream Cipher WG [3]

WG is a hardware-oriented stream cipher. The main feature of the WG stream cipher is the use of the WG transformation to generate keystream from the LFSR. The WG transformations have excellent cryptographic properties [2].

1.1 Keystream Generation

The keystream generation diagram of WG is given in Fig. 1. WG has a regularly clocked LFSR which is defined by the feedback polynomial

p(x) = x + x + x + x + x + x + γ (1)

over GF(2), where γ = β and β is the primitive root of g(x):

g(x) = x + x + x + x + x + x + x + x + x + x + x + x + x + x + x + x + 1 (2)

Then the non-linear WG transformation, GF(2) → GF(2), is applied to generate the keystream from the LFSR.