Abstract

The WG-16 stream cipher proposed in 2013 is an efficient variant of the well-known WG stream cipher family. WG-16 inherits good randomness properties of the WG stream cipher family and is intended for use in confidentiality and integrity algorithms in mobile communications, such as 4G-LTE networks. This paper finds that there exist related Key-IV pairs for the WG-16 stream cipher that can generate keystreams which are exact shifts of each other throughout the keystream generation. By exploiting this slide property, a real-time related key attack on WG-16 is proposed, which recovers all 128 key bits with time complexity of about $2^{35.81}$, requiring $2^{35.81}$ chosen IVs and 6 related keys. We verify this attack on a common PC, which shows that our attack can recover all 128 key bits of WG-16 within four days. The experimental results indicate that WG-16 can be broken in real time in the multiple related key setting and is not secure as claimed by the designers. This is the first attack that defeats the practical security of WG-16.
