Tuesday, September 20 2016
15:30 - 16:30

Alladi Ramakrishnan Hall

Distinguishing Attacks on (Ultra-)lightweight WG Ciphers

Mr. Mabin Joseph

IGCAR, Kalpakkam

The Welch-Gong (WG) family of stream ciphers include two subfamilies, WG-A and WG-B, of patented (ultra-)lightweight ciphers designed by Gong et al. The Waterloo Commercialization Office, Canada, has included the WG-A in an RFID anti-counterfeiting system and has proposed the WG-B for securing 4G networks. The WG-A and WG-B ciphers support 80- and 128-bit keys, respectively. Input-output correlations have been detected in the nonlinear transformations used by these ciphers. This presentation provides the details of these correlations and explains how to exploit them to build distinguishing attacks on WG-A and WG-B. The attacks preseneted here require, to nearly ensure success, between 2^22.20 and 2^29.07 keystream samples for WG-A and not more than 2^56.84 keystream samples for WG-B. These are the first attacks on WG-A/B ciphers.

