Weaknesses in the Key Scheduling Algorithm of RC4
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Attacks on the RC4 stream cipher
Designs, Codes and Cryptography
Designs, Codes and Cryptography
New State Recovery Attack on RC4
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Passive-only key recovery attacks on RC4
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Discovery and exploitation of new biases in RC4
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Statistical attack on RC4 distinguishing WPA
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Attack on broadcast RC4 revisited
FSE'11 Proceedings of the 18th international conference on Fast software encryption
SEC'13 Proceedings of the 22nd USENIX conference on Security
Proving empirical key-correlations in RC4
Information Processing Letters
At SAC 2010, Sepehrdad, Vaudenay and Vuagnoux reported some empirical biases between the secret key, the internal state variables and the keystream bytes of RC4, found by searching over the space of all linear correlations between the quantities involved. In this paper, for the first time, we give theoretical proofs for all such significant empirical biases. Our analysis not only builds a framework to justify the origin of these biases, but also brings out several new conditional biases of high order. We establish that certain conditional biases reported earlier are correlated with a third event with much higher probability. This gives rise to the discovery of new keylength-dependent biases of RC4, some as high as 50/N, where N is the size of the RC4 permutation. The new biases in turn result in successful keylength prediction from the initial keystream bytes of the cipher.