Implementation of WG Stream Cipher with Involution Function  by Ashan, V.C.
 Procedia Technology  24 ( 2016 )  790 – 795 
Available online at www.sciencedirect.com
ScienceDirect
2212-0173 © 2016 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license 
(http://creativecommons.org/licenses/by-nc-nd/4.0/).
Peer-review under responsibility of the organizing committee of ICETEST – 2015
doi: 10.1016/j.protcy.2016.05.092 
International Conference on Emerging Trends in Engineering, Science and Technology
(ICETEST - 2015)
Implementation of WG Stream Cipher with Involution Function
Ashan V.C.a
aDepartment of Electronics and Communication Engineering, Government Engineering College Idukki, Idukki, Kerala 685603, India
Abstract
This paper present a new hardware design of WelchGong (WG)128 cipher. The proposed WG Stream cipher use an involution
function block, for increasing the security of private data. The hardware complexity of involution block is very less. Together with
the involution block the randomness property of the resulting WG cipher will increases.
c© 2016 The Authors. Published by Elsevier Ltd.
Peer-review under responsibility of the organizing committee of ICETEST - 2015.
Keywords: Linear Feedback Shift Register(LFSR);Pseudo random key generators;Welch-Gong transformation;involution
1. Introduction
The cryptosystems are widely used in the private network systems. In WG cipher the data is XORed with the
generated key stream bits. These key stream bits are generated using a pseudorandom sequence generator(PRSG) and
secret key(seed). The usage and limitations of Stream ciphers are explained in [1],[2], [6], [4],etc.
Using linear feedback shift registers(LFSRs) and ﬁlter(Boolean function) conventional stream ciphers are built,
but algebraic attacks make such design more and more insecure. Conventional nonlinear feedback shift register based
stream ciphers have less randomness and limited cryptographic properties and such project designs are explained in
[7] and [6], therefore, the diﬃculty of analyzing the design itself deﬁnes the security of such ciphers. The WelchGong
(WG) is a stream cipher which is designed with WG transformations which produce streams of key with maximum
randomness.
This paper is organized as follows. Section 2 describe about the conventional WG cipher. Section 3 deﬁnes the
involution function, its property and design. Section 4 deﬁne the proposed WG cipher. Section 5 concludes this paper.
∗ Ashan V.C. Tel.: +0-944-772-3275.
E-mail address: ashanvc@gmail.com
 2016 The Authors. Published by Elsevier Ltd. This is an open access article under the CC BY-NC-ND license 
(http://creativecommons.org/licenses/by-nc-nd/4.0/).
Peer-review under responsibility of the organizing committee of ICETEST – 2015
791 V.C. Ashan  /  Procedia Technology  24 ( 2016 )  790 – 795 
2. WG Cipher
2.1. WG generator
The block diagram(Fig. 1) shown below gives the overall view of the WG generator. The secret key and initial
vector(IV)[3] were loaded in the ﬂip ﬂops used in the LFSR. The MUX is used to select the input to the LFSR ﬂip
ﬂops with the help of FSM connected to the select lines. The LFSR linear feed back is given by C(Z) equation 1. This
linear feed back and the initial feed back from the WG transform added together and give it as an input to the MUX.
C(Z) = Z11 ⊕ Z10 ⊕ Z9 ⊕ Z6 ⊕ Z3 ⊕ Z ⊕ 1 (1)
Fig. 1. WG generator.
2.2. WG Transformation
As shown in the ﬁgure 1 the output from the LFSR is given to WG Transformation block. The WG transformation
block convert the 29-bit output from the LFSR to 1-bit with maximum randomness. The working of this block with
various function used inside it were deﬁned in [10]. The operation of the cipher is divided into three: ﬁrst it load key
and Initial vector which is called loading phase , then key initialization take place , and running phase.The ﬁgure 2
shows the WG TRANS diagram.
Fig. 2. WG Transformation block.
792   V.C. Ashan  /  Procedia Technology  24 ( 2016 )  790 – 795 
Table 1. WG function with diﬀerent states of the FSM
binary counter op1 op0 operation
bit 1 bit 0
0 0 0 0 Key and IV loaded
1 0 0 1 initializing key
0 1 0 1 initializing key
1 1 1 0 WG running
2.3. FSM Module
The output from the LFSR is not directly connected to the WG transformation block. It is connected using a 4:1
MUX and the MUX is controlled by a FSM which is connected to the select lines of the MUX. In the next paragraph
explain the working of the FSM.
The FSM takes two inputs clock and reset. The FSM contain a 11-bit hot counter(ring counter), a 2-bit binary
counter, DFlipﬂop and logical gates. The reset pin is always high, when the reset pin pull down the binary counter
become reset and give an output(0,0). But the ring counter reset only after one clock cycle. It is due to the presence of
AND gate and DFlipﬂop. So after one cycle ring counter also goes to reset with LSB become high and other become
zero. Since the output from the binary counter is (0,0) the output of the FSM become (0,0). The clock for the binary
counter is from the LSB of the ring counter. So binary counter takes the next state after 11 clock cycle. So for each
11 clock cycle the output of the binary counter changes there by the output of the FSM also changes. Table 1 shows
the diﬀerent type of state FSM takes and it’s corresponding outputs.
As shown in the ﬁgure 3 the states of the FSM control the MUX, there by input to the WG transformation block
is controlled. In this way the randomness of the WG is increased. Within 11 clock cycles Key and Initial vectors are
loaded,after that initialization of key started and ends up in 22 clock cycles. After that WG runs and during the WG
runs the clock input to the ring counter and binary counter in the FSM become idle.
Fig. 3. FSM of the WG.
793 V.C. Ashan  /  Procedia Technology  24 ( 2016 )  790 – 795 
3. Involution Function
3.1. Involution Block
A function, F(x) is said to be involutional[8] when it is its own inverse, that is,
x = F(F(x)) (2)
Let as consider a 64-bit involutional block. The 64 bit can be considered as the 8 x 8 bit. Let b0-b7 is 8 bit each. Let
a0-a7 is the input which is also 8 bit each. This 64 bit input is converted to b0-b7. The design and construction of
this 64 bit involution block is explained in [9]. In involution block X(),X2() and X3() block are the main part. The
X(),X2() and X3() block will be created as shown in the ﬁgure 5 and 4. An 8-bit XOR gate is the only component used
in these blocks.
Fig. 4. X and X2 circuit.
Fig. 5. X3 circuit.
794   V.C. Ashan  /  Procedia Technology  24 ( 2016 )  790 – 795 
4. Proposed WG Cipher
The proposed WG cipher consist of WG generator, involution block and other essential parts. The block diagram
of the proposed WG cipher is shown in the ﬁgure 6 and 7
Fig. 6. Encryption part
Fig. 7. Decryption part
The transmitting data is converted into another form using an involution function. The output from the involution
block is given to a PISO(Parallel In Serial Out) which convert the multi-bits to single bit. This single bit data is
XORed with the generated key stream from the WG generator. The key stream is generated by the WG generator
using a secret key(seed). There by cipher text is obtained.
In decryption this cipher text is XORed with the generated key stream from the WG generator. The output of WG
generators in the Encryption part and Decryption part will be equal only if the secret key(seed) used in both parts were
same. The resulting single bit data is given to a SIPO in order to convert it into multi-bit data.The output from the
SIPO is given to the same involution block used in the encryption part to get the original data.
In this new method the eﬀective randomness of the transmitting data increases comparing with the conventional
WG stream ciphers. In old stream ciphers there is only LFSR andWG transformation[11] which have less randomness
for the transmitted data. As mentioned in the section WG generator, by including MUX in between LFSR and WG
transformation and utilizing the initial feed back the randomness of the generated signal is again increases. So by
including the involution block in this WG stream cipher the randomness property of the transmitting data is again
increases.
In the proposed WG stream cipher an extra involution block is used in both encoder and decoder which increases
the number of LUT(Look Up Table). So area and power utilization of the proposed WG stream cipher increases.
Since the randomness property of the WG stream cipher increased the security of the cipher is increases.
795 V.C. Ashan  /  Procedia Technology  24 ( 2016 )  790 – 795 
5. conclusion
A new hardware design of WG WelchGong (WG)128 cipher is designed. The proposed WG Stream cipher used
an involution function block, which increase the security of private data. Involution function block takes only a small
amount of hardware. With the integration of involution function in the stream cipher the randomness property of WG
cipher increased. The proposed WG stream cipher is developed using Xilinx and implemented on FPGA.
References
[1] S. Sen Gupta, A. Chattopadhyay, and A. Khalid, HiPAcc-LTE: An integrated high performance accelerator for 3GPP LTE stream ciphers,in
Proc. 12th Int. Conf. Cryptol. India , 2011, pp. 196 - 215.
[2] S. Gupta, A. Chattopadhyay, K. Si nha, S. Maitra, and B. Sinha High-performance hardware implementation for RC4 stream cipher,IEEE
Trans. Comput., vol. 62, no. 4, pp. 730 - 743, Apr. 2013.
[3] Y. Nawaz and G. Gong, WG: A family of stream ciphers with designed randomness properties,Inf. Sci., vol. 178, no. 7, pp. 1903 - 1916, 2008.
[4] Bluetooth Special Interest Group. (2010, Jun.). Adopted Bluetooth Core Speciﬁcations, Core Version 4.0 ,Kirkland, WA, USA [Online].
Available: https://www.bluetooth.org/
[5] C. Lam, M. Aagaard, and G. Gong, Hardware implementations of multi-output Welch-Gong ciphers,Dept. Department of Electr. Com-
put. Eng., Univ. Waterloo, Waterloo, ON, Canada, Tech. Rep. CACR 2011-01, 2009 [Online]. Available: http://cacr.uwaterloo.ca/
techreports/2011/cacr2011-01.pdf
[6] Y. Luo, Q. Chai, G. Gong, and X. Lai, A lightweight stream cipher WG-7 for RFID encryption and authentication,in Proc. IEEE Global
Telecommun. Conf. , Dec. 2010, pp. 16.
[7] (2005). eSTREAM The ECRYPT Stream Cipher Project [Online].,Available: http://www.ecrypt.eu.org/stream/
[8] Xueying Zhang, H.M. Heys, and Cheng Li, FPGA Implementation of Two Involutional Block Ciphers Targeted to Wireless Sensor Networks
,Electrical and Computer Engineering Memorial University of Newfoundland
[9] Nikhil Joshi, Kaijie Wu, and Ramesh Karri, Concurrent Error Detection Schemes for Involution Ciphers ,Department of Electrical and Com-
puter Engineering, Polytechnic University Brooklyn, NY 11201 USA
[10] Hayssam El-Razouk, Arash Reyhani-Masoleh, and Guang Gong, New Implementations of the WG Stream Cipher ,IEEE Trans. VLSI systems,
vol. 22, no. 9, september 2014
[11] Y. Nawaz and G. Gong, The WG Stream Cipher,Department of Electrical and Computer Engineering University of Waterloo,Waterloo, ON,
N2L 3G1, CANADA
