Security Analysis of WG-7 Lightweight Stream Cipher against Cube Attack

Abstract

Welch--Gong (WG) is a hardware-oriented LFSR-based stream cipher. WG-7 is a version of the eStream submission Welch--Gong, used for RFID encryption and authentication purposes. It offers 80-bit cryptographic security. In modern days, almost all ciphers achieve the security by exploiting the nonlinear feedback structure. In this paper, we investigate the security of the nonlinear feedback-based initialization phase of the WG-7 stream cipher using the conventional bit-based division property of cube attack, by considering the cipher in a non-blackbox polynomial setting. In our work, we mount the cube attack using mixed-integer-linear-programming(MILP) models. The results of our attack enable us to recover the secret key of WG-7 after 20 rounds of initialization utilizing 210 keystream bits in 273 time. We show that our proposed attack takes significantly lower data complexity. To the best of our knowledge, our attack is the first one that investigates the security of the nonlinear feedback-based initialization phase of WG-7 cipher.