Skip to main content
Log in

Attacks on the RC4 stream cipher

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript


In this article we present some weaknesses in the RC4 cipher and their cryptographic applications. Especially we improve the attack described by Fluhrer, Mantin, Shamir (In: Selected Areas in Cryptography, 2001) in such a way, that it will work, if the weak keys described in that paper are avoided. A further attack will work even if the first 256 Byte of the output remain unused. Finally we show that variants of the RC4 algorithm like NGG and RC4A are also vulnerable by these techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others


  1. Ferguson N., Schneier B.: Practical Cryptography. Wiley Publishing, Inc. (2003).

  2. Fluhrer S., Mantin I., Shamir A.: Weakness in the Key Scheduling Algorithm of RC4. In: Selected Areas in Cryptography, vol. 2259 of LNCS, pp. 1–24. Springer, Berlin (2001).

  3. Fluhrer S.R., McGrew D.A.: Statistical analysis of the alleged RC4 keystream generator. In: Proceedings of the 7th International Workshop on Fast Software Encryption, vol. 1978 of LNCS, pp. 19–20. Springer, Berlin (2000).

  4. Golić J.Dj.: Linear statistical weakness of alleged RC4 keystream generator. In: Advances in Cryptology – EUROCRYPT ’97, vol. 1233 of LNCS, pp. 226–238. Springer, Berlin (1997).

  5. Golić J.Dj. (1999). Linear models for a time-variant-permutation generator. IEEE Trans. Inform. Theory 45(7): 2374–2382

    Article  MathSciNet  Google Scholar 

  6. Golic J.Dj.: Iterative probabilistic cryptanalysis of rc4 keystream generator. In: ACISP 2000, pp. 220–233 (2000).

  7. Gupta K., Nawaz Y., Gong G.: A 32-bit RC4-like keystream generator. Technical Report CACR 2005-21, Center for Applied Cryptographic Research, University of Waterloo, 2005. (2005).

  8. Mantin I. (2000). Predicting and distinguishing attacks on RC4 keystream generator. In: Cramer, R. (eds) Advances in Cryptology – EUROCRYPT 2005, vol. 3494 of LNCS, pp 491–506. Springer, Berlin

    Google Scholar 

  9. Mantin I. and Shamir A. (2001). A practical attack on broadcast RC4. In: Matsui, M. (eds) Revised Papers from the 8th International Workshop on Fast Software Encryption, vol. 2355 of LNCS., pp 152–164. Springer, London

    Google Scholar 

  10. Mironov I.: (Not so) random shuffles of RC4. In: Advances in Cryptology – CRYPTO 2002, vol. 2442 of LNCS, pp. 304–319. Springer, Berlin (2002).

  11. Mister S., Tavares S.E.: Cryptanalysis of RC4-like ciphers. In: Selected Areas in Cryptography (Kingston, ON, 1998), vol. 1556 of LNCS, pp. 121–143. Springer, Berlin (1999).

  12. Paul S., Preneel B.: A new weakness in the RC4 keystream generator and an approach to improve the security of the cipher. In: Fast Software Encryption 2004, vol. 3017 of LNCS, pp. 245–259 (2004).

  13. Wald A. (1947). Sequential Analysis. Wiley and Sons, New York

    MATH  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to Andreas Klein.

Additional information

Communicated by P. Wild.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Klein, A. Attacks on the RC4 stream cipher. Des. Codes Cryptogr. 48, 269–286 (2008).

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI:


AMS Classifications