Abstract
NGG is an RC4-like stream cipher designed to make use of today’s common 32-bit processors. It is 3–5 times faster than RC4. In this paper, we show that the NGG stream can be distinguished, with success probability ≈ 97%, from a random stream using only the first keystream word. We also show that the first few kilobytes of the keystream may leak information about the secret key which allows the cryptanalyst to recover the secret key in a very efficient way.
Acknowledgements
This work was supported in part by the Natural Sciences and Engineering Research Council of Canada under Grant N00930. The authors would like to thank the anonymous reviewers for their comments that helped improve the presentation of the paper.
Cite this article
Kircanski, A., Al-Zaidy, R. & Youssef, A.M. A new distinguishing and key recovery attack on NGG stream cipher. Cryptogr. Commun. 1, 269–282 (2009). https://doi.org/10.1007/s12095-009-0012-4