Cryptanalysis of RC4-like Ciphers
SAC '98 Proceedings of the Selected Areas in Cryptography
(Not So) Random Shuffles of RC4
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Analysis Methods for (Alleged) RCA
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Statistical Analysis of the Alleged RC4 Keystream Generator
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Designs, Codes and Cryptography
Key Collisions of the RC4 Stream Cipher
Fast Software Encryption
Linear statistical weakness of alleged RC4 keystream generator
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
On non-randomness of the permutation after RC4 key scheduling
AAECC'07 Proceedings of the 17th international conference on Applied algebra, algebraic algorithms and error-correcting codes
Predicting and distinguishing attacks on RC4 keystream generator
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
| Hi-index | 0.00 |
RC4 is the stream cipher proposed by Rivest in 1987, which is widely used in a number of commercial products because of its simplicity and substantial security. RC4 exploits shuffle-exchange paradigm, which uses a permutation S . Many attacks have been reported so far. No study, however, has focused on correlations in the Pseudo-Random Generation (PRGA) between two permutations S and S *** with some differences, nevertheless such correlations are related to an inherent weakness of shuffle-exchange-type PRGA. In this paper, we investigate the correlations between S and S *** with some differences in the initial round. We show that correlations between S and S *** remain before $``i"$ is in the position where the nonzero-bit difference exists in the initial round, and that the correlations remain with non negligible probability even after $``i"$ passed by the position. This means that the same correlations between S and S *** will be observed after the 255-th round. This reveals an inherent weakness of shuffle-exchange-type PRGA.