On non-negligible bias of the first output byte of RC4 towards the first three bytes of the secret key

Authors:
Goutam Paul;Siddheshwar Rathi;Subhamoy Maitra
Affiliations:
Department of Computer Science and Engineering, Jadavpur University, Kolkata, India 700 032;, Kolkata, India;Applied Statistics Unit, Indian Statistical Institute, Kolkata, India 700 108
Venue:
Designs, Codes and Cryptography
Year:
2008

Citing 5
Cited 7

(Not So) Random Shuffles of RC4

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
A Practical Attack on Broadcast RC4

FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Linear statistical weakness of alleged RC4 keystream generator

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A practical attack on the fixed RC4 in the WEP mode

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Predicting and distinguishing attacks on RC4 keystream generator

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques

Analysis of RC4 and Proposal of Additional Layers for Better Security Margin

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
New Correlations of RC4 PRGA Using Nonzero-Bit Differences

ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
Statistical attack on RC4 distinguishing WPA

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Robust watermarking of compressed JPEG images in encrypted domain

Transactions on data hiding and multimedia security VI
A critique of some chaotic-map and cellular automata-based stream ciphers

ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Proof of empirical RC4 biases and new key correlations

SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Proving empirical key-correlations in RC4

Information Processing Letters

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we show that the first byte of the keystream output of RC4 has non-negligible bias towards the sum of the first three bytes of the secret key. This result is based on our observation that the index, where the first byte of the keystream output is chosen from, is approximately twice more likely to be 2 than any other value. Our technique is further used to theoretically prove Roos's experimental observation (A class of weak keys in the RC4 stream cipher, 1995) related to weak keys.