
A new distinguishing and key recovery attack on NGG stream cipher

Published in: Cryptography and Communications

Abstract

NGG is an RC4-like stream cipher designed to make use of today’s common 32-bit processors. It is 3–5 times faster than RC4. In this paper, we show that the NGG stream can be distinguished, with success probability ≈ 97%, from a random stream using only the first keystream word. We also show that the first few kilobytes of the keystream may leak information about the secret key which allows the cryptanalyst to recover the secret key in a very efficient way.



Acknowledgements

This work was supported in part by the Natural Sciences and Engineering Research Council of Canada under Grant N00930. The authors would like to thank the anonymous reviewers for their comments that helped improve the presentation of the paper.


Correspondence to Amr M. Youssef.


Cite this article

Kircanski, A., Al-Zaidy, R. & Youssef, A.M. A new distinguishing and key recovery attack on NGG stream cipher. Cryptogr. Commun. 1, 269–282 (2009). https://doi.org/10.1007/s12095-009-0012-4
