Linear statistical weakness of alleged RC4 keystream generator
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Weaknesses in the Key Scheduling Algorithm of RC4
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
(Not So) Random Shuffles of RC4
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Statistical Analysis of the Alleged RC4 Keystream Generator
FSE '00 Proceedings of the 7th International Workshop on Fast Software Encryption
A Practical Attack on Broadcast RC4
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
On-Chip Communication Architectures: System on Chip Interconnect
On-Chip Communication Architectures: System on Chip Interconnect
Differential Cryptanalysis of the Stream Ciphers Py, Py6 and Pypy
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
New State Recovery Attack on RC4
CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
New Correlations of RC4 PRGA Using Nonzero-Bit Differences
ACISP '09 Proceedings of the 14th Australasian Conference on Information Security and Privacy
A practical attack on the fixed RC4 in the WEP mode
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Towards a general RC4-Like keystream generator
CISC'05 Proceedings of the First SKLOIS conference on Information Security and Cryptology
Predicting and distinguishing attacks on RC4 keystream generator
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Some combinatorial results towards state recovery attack on RC4
ICISS'11 Proceedings of the 7th international conference on Information Systems Security
| Hi-index | 0.00 |
RC4, a stream cipher designed by Rivest for RSA Data Security Inc., has found several commercial applications, but little public analysis has been done to date. In this paper, alleged RC4 (hereafter called RC4) is described and existing analysis outlined. The properties of RC4, and in particular its cycle structure, are discussed. Several variants of a basic "tracking" attack are described, and we provide experimental results on their success for scaled-down versions of RC4. This analysis shows that, although the full-size RC4 remains secure against known attacks, keystreams are distinguishable from randomly generated bit streams, and the RC4 key can be recovered if a significant fraction of the full cycle of keystream bits is generated (while recognizing that for a full-size system, the cycle length is too large for this to be practical). The tracking attacks discussed provide a significant improvement over the exhaustive search of the full RC4 keyspace. For example, the state of a 5 bit RC4-like cipher can be obtained from a portion of the keystream using 242 steps, while the nominal keyspace of the system is 2160. More work is necessary to improve these attacks in the case where a reduced keyspace is used.