Weaknesses in the Key Scheduling Algorithm of RC4
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
(Not So) Random Shuffles of RC4
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Statistical Analysis of the Alleged RC4 Keystream Generator
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Linear statistical weakness of alleged RC4 keystream generator
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
On non-randomness of the permutation after RC4 key scheduling
AAECC'07 Proceedings of the 17th international conference on Applied algebra, algebraic algorithms and error-correcting codes
Passive-only key recovery attacks on RC4
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Permutation after RC4 key scheduling reveals the secret key
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
A practical attack on the fixed RC4 in the WEP mode
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Predicting and distinguishing attacks on RC4 keystream generator
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Recovering RC4 Permutation from 2048 Keystream Bytes if j Is Stuck
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Analysis of RC4 and Proposal of Additional Layers for Better Security Margin
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
New Results on the Key Scheduling Algorithm of RC4
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
On Some Sequences of the Secret Pseudo-random Index j in RC4 Key Scheduling
AAECC-18 '09 Proceedings of the 18th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
Discovery and exploitation of new biases in RC4
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Designs, Codes and Cryptography
Statistical attack on RC4 distinguishing WPA
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Attack on broadcast RC4 revisited
FSE'11 Proceedings of the 18th international conference on Fast software encryption
| Hi-index | 0.00 |
Consider the permutation Sin RC4. Roos pointed out in 1995 that after the Key Scheduling Algorithm (KSA) of RC4, each of the initial bytes of the permutation, i.e., S[y] for small values of y, is biased towards some linear combination of the secret key bytes. In this paper, for the first time we show that the bias can be observed in S[S[y]] too. Based on this new form of permutation bias after the KSA and other related results, a complete framework is presented to show that many keystream output bytes of RC4 are significantly biased towards several linear combinations of the secret key bytes. The results do not assume any condition on the secret key. We find new biases in the initial as well as in the 256-th and 257-th keystream output bytes. For the first time biases at such later stages are discovered without any knowledge of the secret key bytes. We also identify that these biases propagate further, once the information for the index jis revealed.