Designs, Codes and Cryptography

, Volume 48, Issue 3, pp 269–286 | Cite as

Attacks on the RC4 stream cipher

  • Andreas Klein


In this article we present some weaknesses in the RC4 cipher and their cryptographic applications. Especially we improve the attack described by Fluhrer, Mantin, Shamir (In: Selected Areas in Cryptography, 2001) in such a way, that it will work, if the weak keys described in that paper are avoided. A further attack will work even if the first 256 Byte of the output remain unused. Finally we show that variants of the RC4 algorithm like NGG and RC4A are also vulnerable by these techniques.


Cryptanalysis Stream cipher RC4 

AMS Classifications

68P25 94A60 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ferguson N., Schneier B.: Practical Cryptography. Wiley Publishing, Inc. (2003).Google Scholar
  2. 2.
    Fluhrer S., Mantin I., Shamir A.: Weakness in the Key Scheduling Algorithm of RC4. In: Selected Areas in Cryptography, vol. 2259 of LNCS, pp. 1–24. Springer, Berlin (2001).Google Scholar
  3. 3.
    Fluhrer S.R., McGrew D.A.: Statistical analysis of the alleged RC4 keystream generator. In: Proceedings of the 7th International Workshop on Fast Software Encryption, vol. 1978 of LNCS, pp. 19–20. Springer, Berlin (2000).Google Scholar
  4. 4.
    Golić J.Dj.: Linear statistical weakness of alleged RC4 keystream generator. In: Advances in Cryptology – EUROCRYPT ’97, vol. 1233 of LNCS, pp. 226–238. Springer, Berlin (1997).Google Scholar
  5. 5.
    Golić J.Dj. (1999). Linear models for a time-variant-permutation generator. IEEE Trans. Inform. Theory 45(7): 2374–2382 CrossRefMathSciNetGoogle Scholar
  6. 6.
    Golic J.Dj.: Iterative probabilistic cryptanalysis of rc4 keystream generator. In: ACISP 2000, pp. 220–233 (2000).Google Scholar
  7. 7.
    Gupta K., Nawaz Y., Gong G.: A 32-bit RC4-like keystream generator. Technical Report CACR 2005-21, Center for Applied Cryptographic Research, University of Waterloo, 2005. (2005).
  8. 8.
    Mantin I. (2000). Predicting and distinguishing attacks on RC4 keystream generator. In: Cramer, R. (eds) Advances in Cryptology – EUROCRYPT 2005, vol. 3494 of LNCS, pp 491–506. Springer, Berlin Google Scholar
  9. 9.
    Mantin I. and Shamir A. (2001). A practical attack on broadcast RC4. In: Matsui, M. (eds) Revised Papers from the 8th International Workshop on Fast Software Encryption, vol. 2355 of LNCS., pp 152–164. Springer, London Google Scholar
  10. 10.
    Mironov I.: (Not so) random shuffles of RC4. In: Advances in Cryptology – CRYPTO 2002, vol. 2442 of LNCS, pp. 304–319. Springer, Berlin (2002).Google Scholar
  11. 11.
    Mister S., Tavares S.E.: Cryptanalysis of RC4-like ciphers. In: Selected Areas in Cryptography (Kingston, ON, 1998), vol. 1556 of LNCS, pp. 121–143. Springer, Berlin (1999).Google Scholar
  12. 12.
    Paul S., Preneel B.: A new weakness in the RC4 keystream generator and an approach to improve the security of the cipher. In: Fast Software Encryption 2004, vol. 3017 of LNCS, pp. 245–259 (2004).Google Scholar
  13. 13.
    Wald A. (1947). Sequential Analysis. Wiley and Sons, New York zbMATHGoogle Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  1. 1.Department of Pure Mathematics and Computer AlgebraGhent UniversityGhentBelgium

Personalised recommendations