Proof of empirical RC4 biases and new key correlations

Authors:
Sourav Sen Gupta;Subhamoy Maitra;Goutam Paul;Santanu Sarkar
Affiliations:
Applied Statistics Unit, Indian Statistical Institute, Kolkata, India;Applied Statistics Unit, Indian Statistical Institute, Kolkata, India;Dept. of Computer Science and Engg., Jadavpur University, Kolkata, India;Applied Statistics Unit, Indian Statistical Institute, Kolkata, India
Venue:
SAC'11 Proceedings of the 18th international conference on Selected Areas in Cryptography
Year:
2011

Citing 9
Cited 2

Weaknesses in the Key Scheduling Algorithm of RC4

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
A Practical Attack on Broadcast RC4

FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
Attacks on the RC4 stream cipher

Designs, Codes and Cryptography
On non-negligible bias of the first output byte of RC4 towards the first three bytes of the secret key

Designs, Codes and Cryptography
New State Recovery Attack on RC4

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Passive-only key recovery attacks on RC4

SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Discovery and exploitation of new biases in RC4

SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
Statistical attack on RC4 distinguishing WPA

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Attack on broadcast RC4 revisited

FSE'11 Proceedings of the 18th international conference on Fast software encryption

On the security of RC4 in TLS

SEC'13 Proceedings of the 22nd USENIX conference on Security
Proving empirical key-correlations in RC4

Information Processing Letters

Quantified Score

Hi-index	0.00

Visualization

Abstract

In SAC 2010, Sepehrdad, Vaudenay and Vuagnoux have reported some empirical biases between the secret key, the internal state variables and the keystream bytes of RC4, by searching over a space of all linear correlations between the quantities involved. In this paper, for the first time, we give theoretical proofs for all such significant empirical biases. Our analysis not only builds a framework to justify the origin of these biases, it also brings out several new conditional biases of high order. We establish that certain conditional biases reported earlier are correlated with a third event with much higher probability. This gives rise to the discovery of new keylength-dependent biases of RC4, some as high as 50/N, where N is the size of the RC4 permutation. The new biases in turn result in successful keylength prediction from the initial keystream bytes of the cipher.