Cryptanalysis of WG Family of Stream Ciphers

The well-known Welch-Gong (WG) stream cipher, proposed by Nawaz and Gong in 2005, was submitted to the hardware profile of the eSTREAM project. In the last several years, the original WG has come under several cryptanalytic attacks. However, as for the final version of WG, no attack has been published on it until now. In this paper, an efficient key recovery attack on the final WG stream cipher in the related key setting is proposed. Under related keys, we can recover the 128-bit secret key of WG-128 with a time complexity of 2(89) and a memory complexity of 2(45). The success probability of the attack is 0.6321. This result shows that our attack on WG-128 is much better than an exhaustive key search in the related key setting. Furthermore, our cryptanalytic results show that WG with IV size no less than 80 bits is vulnerable to a related key attack. The main feature of our attack is that it is independent of the number of steps in the key/IV setup of WG, and then increasing the number of steps in the key/IV setup cannot strengthen the resistance of WG against a related key attack. Finally, a recommended approach to repair the weakness and strengthen the resistance of WG against a related key attack is presented.