# zbMATH — the first resource for mathematics

Resynchronization attacks on WG and LEX. (English) Zbl 1234.68098
Robshaw, Matthew (ed.), Fast software encryption. 13th international workshop, FSE 2006, Graz, Austria, March 15–17, 2006. Revised selected papers. Berlin: Springer (ISBN 3-540-36597-4/pbk). Lecture Notes in Computer Science 4047, 422-432 (2006).
Summary: WG and LEX are two stream ciphers submitted to eStream – the ECRYPT stream cipher project. In this paper, we point out security flaws in the resynchronization of these two ciphers. The resynchronization of WG is vulnerable to a differential attack. For WG with 80-bit key and 80-bit IV, 48 bits of the secret key can be recovered with about $$2^{31.3}$$ chosen IVs . For each chosen IV, only the first four keystream bits are needed in the attack. The resynchronization of LEX is vulnerable to a slide attack. If a key is used with about $$2^{60.8}$$ random IVs, and 20,000 keystream bytes are generated from each IV, then the key of the strong version of LEX could be recovered easily with a slide attack. The resynchronization attack on WG and LEX shows that block cipher related attacks are powerful in analyzing non-linear resynchronization mechanisms.
For the entire collection see [Zbl 1108.68003].
Reviewer: Reviewer (Berlin)

##### MSC:
 68P25 Data encryption (aspects in computer science) 94A60 Cryptography
LEX
Full Text: