Resynchronization weaknesses in synchronous stream ciphers
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Differential Cryptanalysis of DES-like Cryptosystems
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
FSE '99 Proceedings of the 6th International Workshop on Fast Software Encryption
Extending the resynchronization attack
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Cryptographic properties of the Welch-Gong transformation sequence generators
IEEE Transactions on Information Theory
WG: A family of stream ciphers with designed randomness properties
Information Sciences: an International Journal
Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
Analysis of Grain's initialization algorithm
AFRICACRYPT'08 Proceedings of the Cryptology in Africa 1st international conference on Progress in cryptology
AISC '09 Proceedings of the Seventh Australasian Conference on Information Security - Volume 98
Differential fault analysis of LEX
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
ASC-1: an authenticated encryption stream cipher
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
High order differential attacks on stream ciphers
Cryptography and Communications
Slid pairs in the initialisation of the A5/1 stream cipher
AISC '13 Proceedings of the Eleventh Australasian Information Security Conference - Volume 138
Hi-index | 0.00 |
WG and LEX are two stream ciphers submitted to eStream – the ECRYPT stream cipher project. In this paper, we point out security flaws in the resynchronization of these two ciphers. The resynchronization of WG is vulnerable to a differential attack. For WG with 80-bit key and 80-bit IV, 48 bits of the secret key can be recovered with about 231.3 chosen IVs . For each chosen IV, only the first four keystream bits are needed in the attack. The resynchronization of LEX is vulnerable to a slide attack. If a key is used with about 260.8 random IVs, and 20,000 keystream bytes are generated from each IV, then the key of the strong version of LEX could be recovered easily with a slide attack. The resynchronization attack on WG and LEX shows that block cipher related attacks are powerful in analyzing non-linear resynchronization mechanisms.