Table of Contents
Fetching ...

An algebraic attack on stream ciphers with application to nonlinear filter generators and WG-PRNG

Carla Mascia, Enrico Piccione, Massimiliano Sala

TL;DR

The paper addresses the vulnerability of nonlinear filter generators to algebraic attacks by introducing an improved approach that exploits multiple annihilators simultaneously. By constructing and solving low-degree systems through Grobner bases and the XL framework, the authors derive a quantitative bound on the number of keystream bits needed and demonstrate feasibility on WG-PRNG (with suitable parameter choices) and on two scaled toy ciphers. Their results show that, for WG-PRNG, the attack can succeed with far fewer keystream bits than previously thought (e.g., around $t\approx 2^{16.7}$–$2^{17.8}$ under certain $D$), implying a weaker security claim than advertised. The work provides a practical methodology for assessing algebraic security of nonlinear filters and highlights potential weaknesses in lightweight stream_cipher designs.

Abstract

In this paper, we propose a new algebraic attack on stream ciphers. Starting from the well-known attack due to Courtois and Meier, we design an attack especially effective against nonlinear filter generators. We test it on two toy stream ciphers and we show that the level of security of one of stream ciphers submitted to the NIST competition on Lightweight Cryptography, WG-PRNG, is less than that stated before now.

An algebraic attack on stream ciphers with application to nonlinear filter generators and WG-PRNG

TL;DR

The paper addresses the vulnerability of nonlinear filter generators to algebraic attacks by introducing an improved approach that exploits multiple annihilators simultaneously. By constructing and solving low-degree systems through Grobner bases and the XL framework, the authors derive a quantitative bound on the number of keystream bits needed and demonstrate feasibility on WG-PRNG (with suitable parameter choices) and on two scaled toy ciphers. Their results show that, for WG-PRNG, the attack can succeed with far fewer keystream bits than previously thought (e.g., around under certain ), implying a weaker security claim than advertised. The work provides a practical methodology for assessing algebraic security of nonlinear filters and highlights potential weaknesses in lightweight stream_cipher designs.

Abstract

In this paper, we propose a new algebraic attack on stream ciphers. Starting from the well-known attack due to Courtois and Meier, we design an attack especially effective against nonlinear filter generators. We test it on two toy stream ciphers and we show that the level of security of one of stream ciphers submitted to the NIST competition on Lightweight Cryptography, WG-PRNG, is less than that stated before now.
Paper Structure (11 sections, 2 theorems, 27 equations, 1 table)

This paper contains 11 sections, 2 theorems, 27 equations, 1 table.

Key Result

Lemma 3.1

Let $R= \mathbb{K}[x_1, \dots, x_n]$ be a polynomial ring over any field $\mathbb{K}$ and let $A = \{f_1, \dots, f_k\} \subset R^{\prime}= \mathbb{K}[x_1, \dots, x_m]$, with $m < n$, be a set of linearly independent polynomials. Let $g, g_1, \dots, g_k \in R^{\prime \prime} = \mathbb{K}[x_{m+1},\dot

Theorems & Definitions (5)

  • Definition 2.1
  • Lemma 3.1
  • proof
  • Proposition 3.2
  • proof