A differential fault attack on the WG family of stream ciphers

WG- l ( l = 7 , 8 , 16 , 29 ) are the well-known Welch–Gong (WG) stream cipher family with different key length bits. The first version named WG (WG-29) stream cipher was introduced in eSTREAM project as a cipher suitable for hardware implementations. The other variants are proposed for different ap...

Full description

Saved in:
Bibliographic Details
Published inJournal of cryptographic engineering Vol. 10; no. 2; pp. 189 - 195
Main Authors Orumiehchiha, Mohammad Ali, Rostami, Saeed, Shakour, Elham, Pieprzyk, Josef
Format Journal Article
LanguageEnglish
Published Berlin/Heidelberg Springer Berlin Heidelberg 01.06.2020
Springer Nature B.V
Subjects
Algorithms
Circuits and Systems
Communications Engineering
Computer Communication Networks
Computer Science
Computer systems
Cryptography
Cryptology
Data Structures and Information Theory
Encryption
Networks
Operating Systems
Radio frequency identification
Regular Paper
WG family
WG-16
WG-29 stream cipher
WG-7
WG-8
Differential fault attack
Online AccessGet full text

Cover

More Information
Summary:WG- l ( l = 7 , 8 , 16 , 29 ) are the well-known Welch–Gong (WG) stream cipher family with different key length bits. The first version named WG (WG-29) stream cipher was introduced in eSTREAM project as a cipher suitable for hardware implementations. The other variants are proposed for different applications from RFID to fast communications. This paper presents an extensive fault analysis on the WG family. Fault attacks are powerful cryptanalytic tools to analyse cryptosystems, which are not vulnerable to other known cryptographic attacks. The security model used to analyse the WG ciphers applies random faults, which are allowed to be injected by an adversary. The adversary has no control over the fault locations and their values. For each WG- l stream cipher, an adversary needs to observe a specific number of keystream bits before they are able to recover the secret key. To recover the secret key of WG-8, the adversary needs to inject about six random faults and compute the secret key with data and time complexities about 2 15.78 bits and 2 24 , respectively. The adversary can recover the secret key of WG-7, WG-16 and WG-29 ciphers with time complexities 2 22 , 2 42 and 2 64 , respectively. The attacks have been verified experimentally.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2190-8508
2190-8516
DOI:10.1007/s13389-020-00222-x