Iterative Probabilistic Cryptanalysis of RC4 Keystream Generator
ACISP '00 Proceedings of the 5th Australasian Conference on Information Security and Privacy
Cryptanalysis of RC4-like Ciphers
SAC '98 Proceedings of the Selected Areas in Cryptography
Weaknesses in the Key Scheduling Algorithm of RC4
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
(Not So) Random Shuffles of RC4
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Analysis Methods for (Alleged) RCA
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Statistical Analysis of the Alleged RC4 Keystream Generator
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Linear statistical weakness of alleged RC4 keystream generator
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Two linear distinguishing attacks on VMPC and RC4A and weakness of RC4 family of stream ciphers
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Impossible fault analysis of RC4 and differential fault analysis of RC4
FSE'05 Proceedings of the 12th international conference on Fast Software Encryption
Predicting and distinguishing attacks on RC4 keystream generator
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Designs, Codes and Cryptography
Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4
Fast Software Encryption
Recovering RC4 Permutation from 2048 Keystream Bytes if j Is Stuck
ACISP '08 Proceedings of the 13th Australasian conference on Information Security and Privacy
Analysis of RC4 and Proposal of Additional Layers for Better Security Margin
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Survey and benchmark of stream ciphers for wireless sensor networks
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
On non-randomness of the permutation after RC4 key scheduling
AAECC'07 Proceedings of the 17th international conference on Applied algebra, algebraic algorithms and error-correcting codes
Passive-only key recovery attacks on RC4
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Permutation after RC4 key scheduling reveals the secret key
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Designs, Codes and Cryptography
RC4-hash: a new hash function based on RC4
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Proving empirical key-correlations in RC4
Information Processing Letters
| Hi-index | 0.00 |
In this paper we revisit a known but ignored weakness of the RC4 keystream generator, where secret state info leaks to the generated keystream, and show that this leakage, also known as Jenkins’ correlation or the RC4 glimpse, can be used to attack RC4 in several modes. Our main result is a practical key recovery attack on RC4 when an IV modifier is concatenated to the beginning of a secret root key to generate a session key. As opposed to the WEP attack from [FMS01] the new attack is applicable even in the case where the first 256 bytes of the keystream are thrown and its complexity grows only linearly with the length of the key. In an exemplifying parameter setting the attack recovers a 16-byte key in 248 steps using 217 short keystreams generated from different chosen IVs. A second attacked mode is when the IV succeeds the secret root key. We mount a key recovery attack that recovers the secret root key by analyzing a single word from 222 keystreams generated from different IVs, improving the attack from [FMS01] on this mode. A third result is an attack on RC4 that is applicable when the attacker can inject faults to the execution of RC4. The attacker derives the internal state and the secret key by analyzing 214 faulted keystreams generated from this key.