Distinguishing Attacks on (Ultra-)Lightweight WG Ciphers
详细信息 查看全文
- 关键词:WG ; Lightweight cipher ; Distinguishing attack
- 刊名:Lecture Notes in Computer Science
- 出版年:2017
- 出版时间:2017
- 年:2017
- 卷:10098
- 期:1
- 页码:45-59
- 丛书名:Lightweight Cryptography for Security and Privacy
- ISBN:978-3-319-55714-4
- 卷排序:10098
文摘
The Welch-Gong (WG) family of stream ciphers include two subfamilies, which we call WG-A and WG-B, of patented (ultra-)lightweight ciphers designed by Gong et al. The Waterloo Commercialization Office, Canada, has included the WG-A in an RFID anti-counterfeiting system and has proposed the WG-B for securing 4G networks. The WG-A and WG-B ciphers support 80- and 128-bit keys, respectively. In this paper, we detect input-output correlations in the nonlinear transformations used by these ciphers. Exploiting these, we show distinguishing attacks that require, to nearly ensure success, between \(2^{22.20}\) and \(2^{29.07}\) keystream samples for WG-A and not more than \(2^{56.84}\) keystream samples for WG-B. We are not aware of any prior attacks on these ciphers.