An algebraic attack on stream ciphers with application to nonlinear filter generators and WG-PRNG
Carla Mascia, Enrico Piccione, Massimiliano Sala
TL;DR
The paper addresses the vulnerability of nonlinear filter generators to algebraic attacks by introducing an improved approach that exploits multiple annihilators simultaneously. By constructing and solving low-degree systems through Grobner bases and the XL framework, the authors derive a quantitative bound on the number of keystream bits needed and demonstrate feasibility on WG-PRNG (with suitable parameter choices) and on two scaled toy ciphers. Their results show that, for WG-PRNG, the attack can succeed with far fewer keystream bits than previously thought (e.g., around $t\approx 2^{16.7}$–$2^{17.8}$ under certain $D$), implying a weaker security claim than advertised. The work provides a practical methodology for assessing algebraic security of nonlinear filters and highlights potential weaknesses in lightweight stream_cipher designs.
Abstract
In this paper, we propose a new algebraic attack on stream ciphers. Starting from the well-known attack due to Courtois and Meier, we design an attack especially effective against nonlinear filter generators. We test it on two toy stream ciphers and we show that the level of security of one of stream ciphers submitted to the NIST competition on Lightweight Cryptography, WG-PRNG, is less than that stated before now.
