Resynchronization Attacks on WG and LEX [chapter]

Hongjun Wu, Bart Preneel
2006 Lecture Notes in Computer Science  
WG and LEX are two stream ciphers submitted to eStreamthe ECRYPT stream cipher project. In this paper, we point out security flaws in the resynchronization of these two ciphers. The resynchronization of WG is vulnerable to a differential attack. For WG with 80-bit key and 80-bit IV, 48 bits of the secret key can be recovered with about 2 31.3 chosen IVs . For each chosen IV, only the first four keystream bits are needed in the attack. The resynchronization of LEX is vulnerable to a slide
more » ... If a key is used with about 2 60.8 random IVs, and 20,000 keystream bytes are generated from each IV, then the key of the strong version of LEX could be recovered easily with a slide attack. The resynchronization attack on WG and LEX shows that block cipher related attacks are powerful in analyzing non-linear resynchronization mechanisms.
doi:10.1007/11799313_27 fatcat:w2yklu5yrfdlxk5jcp5q7hncbe