Optimal parameters for the WG stream cipher family

A general structure of the Welch-Gong (WG) stream cipher family is based on filtering an m-sequence of degree l over a finite field F-2m where the filtering function is a WG transformation from F-2m to F-2. For a fixed m and l, the linear span of the filtering sequence can be enhanced by increasing the algebraic degree of the WG transformations. This can be accomplished by the composition of a WG transformation with a monomial permutation, which is called the decimation of a WG transformation. In this paper, we first present the new exponent set of WG transformations, and show the existence of exponents derived from the new exponent set for which a decimated WG transformation achieves the maximum algebraic degree. As a result, the linear span of keystreams produced by a decimated WG cipher can be maximized and calculated theoretically. We then give a description of a decimated WG stream cipher which is built upon an LFSR and a decimated WG transformation over an extension field. The randomness properties of keystreams produced by a decimated WG cipher are derived based on the new exponent set. We also discuss the selection criteria for choosing the optimal parameters for the WG cipher family in order to achieve the maximum level of security. Finally, we present the optimal parameters for the WG transformations over F-2m,F- 7 <= m <= 16 based on the proposed criteria.