A new distinguishing and key recovery attack on NGG stream cipher

NGG is an RC4-like stream cipher designed to make use of today’s common 32-bit processors. It is 3–5 times faster than RC4. In this paper, we show that the NGG stream can be distinguished, with success probability ≈ 97%, from a random stream using only the first keystream word. We also show that the first few kilobytes of the keystream may leak information about the secret key which allows the cryptanalyst to recover the secret key in a very efficient way.

[1]  Guang Gong,et al.  A 32-bit RC4-like Keystream Generator , 2005, IACR Cryptol. ePrint Arch..

[2]  Martin Hell,et al.  Towards a General RC4-Like Keystream Generator , 2005, CISC.

[3]  Goutam Paul,et al.  Permutation After RC4 Key Scheduling Reveals the Secret Key , 2007, Selected Areas in Cryptography.

[4]  Bart Preneel,et al.  A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher , 2004, FSE.

[5]  Itsik Mantin,et al.  Predicting and Distinguishing Attacks on RC4 Keystream Generator , 2005, EUROCRYPT.

[6]  Itsik Mantin,et al.  A Practical Attack on the Fixed RC4 in the WEP Mode , 2005, ASIACRYPT.

[7]  Erik Tews,et al.  Breaking 104 Bit WEP in Less Than 60 Seconds , 2007, WISA.

[8]  Adi Shamir,et al.  Weaknesses in the Key Scheduling Algorithm of RC4 , 2001, Selected Areas in Cryptography.

[9]  Alexander Maximov,et al.  New State Recovery Attack on RC4 , 2008, CRYPTO.

[10]  Bartosz Zoltak,et al.  VMPC One-Way Function and Stream Cipher , 2004, FSE.

[11]  Yukiyasu Tsunoo,et al.  A Distinguishing Attack on a Fast Software-Implemented RC4-Like Stream Cipher , 2007, IEEE Transactions on Information Theory.

[12]  Hongjun Wu Cryptanalysis of a 32-bit RC4-like Stream Cipher , 2005, IACR Cryptol. ePrint Arch..

[13]  Adi Shamir,et al.  A Practical Attack on Broadcast RC4 , 2001, FSE.

[14]  Philip Hawkes,et al.  On the Applicability of Distinguishing Attacks Against Stream Ciphers , 2002, IACR Cryptol. ePrint Arch..

[15]  Bart Preneel,et al.  On the (In)security of Stream Ciphers Based on Arrays and Modular Addition , 2006, ASIACRYPT.

[16]  Scott R. Fluhrer,et al.  Statistical Analysis of the Alleged RC4 Keystream Generator , 2000, FSE.

[17]  Octavio Nieto-Taladriz,et al.  Finding an internal state of RC4 stream cipher , 2007, Inf. Sci..

[18]  Alexander Maximov Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers , 2005, FSE.

[19]  Eli Biham,et al.  Efficient Reconstruction of RC4 Keys from Internal States , 2008, FSE.

[20]  Vincent Rijmen,et al.  Analysis Methods for (Alleged) RC4 , 1998, ASIACRYPT.

[21]  Serge Vaudenay,et al.  Passive-Only Key Recovery Attacks on RC4 , 2007, Selected Areas in Cryptography.

[22]  Jovan Dj. Golic,et al.  Linear Statistical Weakness of Alleged RC4 Keystream Generator , 1997, EUROCRYPT.

[23]  Andreas Klein,et al.  Attacks on the RC4 stream cipher , 2008, Des. Codes Cryptogr..