Cryptanalysis of WG-8 and WG-16 stream ciphers

In 2008, the WG family of stream ciphers was designed by Navaz and Gong to secure lightweight applications for RFIDs and smart cards. In 2012, a distinguishing attack was discovered against the WG-7 stream cipher by Orumiehchiha, Pieprzyk and Steinfeld. In 2013, Gong, Aagaard and Fan have re-designed the WG cipher family and claimed that the ciphers are secure if the minimal polynomials of the linear feedback shift registers are properly chosen. This work analyses the security of the WG-8, and WG-16 ciphers from the recently published WG family. It shows that the ciphers are subject to distinguishing attacks that allow an adversary to distinguish WG-8 and WG-16 from random ciphers after observing 249.8 and 263.25 bits, respectively. The attacks use a counting algorithm for the number of zeros and ones of Boolean functions. The algorithm allows to find a bias much quicker than a routine truth-table enumeration.