Analysis and design of stream ciphers
Analysis and design of stream ciphers
Iterative Probabilistic Cryptanalysis of RC4 Keystream Generator
ACISP '00 Proceedings of the 5th Australasian Conference on Information Security and Privacy
Guess-and-Determine Attacks on SNOW
SAC '02 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography
A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
A key recovery attack on the 802.11b wired equivalent privacy protocol (WEP)
ACM Transactions on Information and System Security (TISSEC)
Experimental Analysis of Guess-and-Determine Attacks on Clock-Controlled Stream Ciphers
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Key-Dependent Weak IVs and Weak Keys in WEP --- How to Trace Conditions Back to Their Patterns ---
IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences
Linear statistical weakness of alleged RC4 keystream generator
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
FMS attack-resistant WEP implementation is still broken
CIS'05 Proceedings of the 2005 international conference on Computational Intelligence and Security - Volume Part II
Predicting and distinguishing attacks on RC4 keystream generator
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
In a key scheduling algorithm (KSA) of stream ciphers, a secret key is expanded into a large initial state. An internal state reconstruction method is known as a general attack against stream ciphers; it recovers the initial state from a given pair of plaintext and ciphertext more efficiently than exhaustive key search. If the method succeeds, then it is desirable that the inverse of KSA is infeasible in order to avoid the leakage of the secret key information. This paper shows that it is easy to compute a secret key from an initial state of RC4. We propose a method to recover an ℓ-bit secret key from only the first ℓ bits of the initial state of RC4 using linear equations with the time complexity less than that of one execution of KSA. It can recover the secret keys of which number is 2103.6 when the size of the secret key is 128 bits. That is, the 128-bit secret key can be recovered with a high probability when the first 128 bits of the initial state are determined using the internal state reconstruction method.