On Some Sequences of the Secret Pseudo-random Index j in RC4 Key Scheduling

Authors:
Riddhipratim Basu;Subhamoy Maitra;Goutam Paul;Tanmoy Talukdar
Affiliations:
Indian Statistical Institute, Kolkata, India 700 108;Indian Statistical Institute, Kolkata, India 700 108;Department of Computer Science and Engineering, Jadavpur University, Kolkata 700032;Indian Statistical Institute, Kolkata, India 700 108
Venue:
AAECC-18 '09 Proceedings of the 18th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
Year:
2009

Citing 8
Cited 1

Analysis Methods for (Alleged) RCA

ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Finding an internal state of RC4 stream cipher

Information Sciences: an International Journal
New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4

Fast Software Encryption
Efficient Reconstruction of RC4 Keys from Internal States

Fast Software Encryption
New State Recovery Attack on RC4

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
New Results on the Key Scheduling Algorithm of RC4

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
On Reconstruction of RC4 Keys from Internal States

Mathematical Methods in Computer Science
Permutation after RC4 key scheduling reveals the secret key

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography

An analysis of the RC4 family of stream ciphers against algebraic attacks

AISC '10 Proceedings of the Eighth Australasian Conference on Information Security - Volume 105

Quantified Score

Hi-index	0.00

Visualization

Abstract

RC4 Key Scheduling Algorithm (KSA) uses a secret pseudo-random index j which is dependent on the secret key. Let S N be the permutation after the complete KSA of RC4. It is known that the value of j in round y + 1 can be predicted with high probability from S N [y ] for the initial values of y and from $S^{-1}_N[y]$ for the final values of y . This fact has been exploited in several recent works on secret key recovery from S N . In this paper, we perform extensive analysis of some special sequences of indices corresponding to the j values that leak useful information for key recovery. We present new theoretical results on the probability and the number of such sequences. As an application, we explain a new secret key recovery algorithm that can recover a 16 bytes secret key with a success probability of 0.1409. Our strategy has high time complexity at this point and requires further improvement to be feasible in practice.