Cryptography and Communications, Volume 10, Issue 5, pp 881–908

Analysis of burn-in period for RC4 state transition

  • Goutam Paul
  • Souvik Ray
Part of the following topical collections:
  1. Special Issue on Statistics in Design and Analysis of Symmetric Ciphers


The internal state of the RC4 stream cipher is a permutation over \({\mathbb Z}_{N}\), and its state transition is effectively a transposition, or swapping, of two elements. How the randomness of the RC4 state evolves due to its state transitions has been studied for many years. As the number of swaps increases, the state comes closer to a uniform random permutation. We define the burn-in period of RC4 state transition as the number of swaps required to make the state very close to a uniform random permutation under some suitably defined distance measure. Earlier, Mantin, in his Master’s thesis (2001), performed an approximate analysis of the burn-in period. In this paper, we perform a rigorous analysis of the burn-in period and in the process derive the exact distribution of the RC4 state elements at any stage.
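The burn-in idea from the abstract, as an added example that is not code or a result from the paper: it tracks the exact position distribution of one state element after each swap and reports the first swap count at which that distribution is within a chosen distance of uniform. Assumptions: an idealized model in which the index i sweeps 0..N-1 cyclically and j is uniform over Z_N and independent of the state, total variation as the distance measure (the page does not say which measure the paper uses), and the hypothetical names `evolve`, `tv_from_uniform` and `burn_in`.

```python
"""Burn-in of one RC4 state element under an idealized swap model (added example)."""


def evolve(n, start):
    """Yield (r, p) after swap r = 1, 2, ...; p[y] = P(tracked value sits at index y).

    Assumed model, not taken from the paper: at swap r the index
    i = (r - 1) mod n is deterministic, j is uniform over Z_n and
    independent of the state, and S[i] and S[j] are exchanged.
    """
    p = [0.0] * n
    p[start] = 1.0
    r = 0
    while True:
        i = r % n
        moved = p[i] / n  # the value at slot i lands on each slot with prob 1/n
        # A value at y != i stays unless j == y; it can also arrive from slot i.
        p = [x * (1 - 1 / n) + moved for x in p]
        p[i] = 1 / n      # slot i receives S[j] for a uniform j
        r += 1
        yield r, p


def tv_from_uniform(p):
    """Total variation distance between p and the uniform law on len(p) slots."""
    n = len(p)
    return 0.5 * sum(abs(x - 1 / n) for x in p)


def burn_in(n, start, eps, max_swaps=100_000):
    """Smallest swap count r with TV(p_r, uniform) <= eps, or None if not reached."""
    for r, p in evolve(n, start):
        if tv_from_uniform(p) <= eps:
            return r
        if r >= max_swaps:
            return None


if __name__ == "__main__":
    N = 256  # RC4 state size
    for k in (4, 8, 16):
        r = burn_in(N, start=N // 2, eps=2.0 ** -k)
        print(f"eps = 2^-{k}: {r} swaps ({r / N:.2f} passes over the state)")
```

Because the uniform distribution is stationary for this chain, the distance never increases with further swaps, so the returned count is a threshold for this one element rather than a lucky dip.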


Keywords: Bias, Burn-in, Cryptography, Random permutation, RC4, State transition, Stream cipher

Mathematics Subject Classification (2010)




The second author worked for this paper during the winter break in 2016 in his Master of Statistics course.


  1. AlFardan, N.J., Bernstein, D.J., Paterson, K.G., Poettering, B., Schuldt, J.C.N.: On the security of RC4 in TLS. In: King, S.T. (ed.) Proceedings of the 22th USENIX Security Symposium, pp. 305–320. USENIX Association, Washington (2013)
  2. Dierks, T., Rescorla, E.: The Transport Layer Security (TLS) Protocol Version 1.2. RFC 5246 (Proposed Standard). Updated by RFCs 5746, 5878, 6176, 7465, 7507, 7568, 7627, 7685, 7905, 7919 (2008)
  3. Calhoun, P., Montemurro, M., Stanley, D. (Ed.): Control and Provisioning of Wireless Access Points (CAPWAP) Protocol Binding for IEEE 802.11. RFC 5416 (Proposed Standard) (2009)
  4. Freier, A., Karlton, P., Kocher, P.: The Secure Sockets Layer (SSL) Protocol Version 3.0. RFC 6101 (Historic) (2011)
  5. Garman, C., Paterson, K.G., Van der Merwe, T.: Attacks only get better: Password recovery attacks against RC4 in TLS. In: Jung, J., Holz, T. (eds.) 24th USENIX Security Symposium, USENIX Security 15, pp. 113–128. USENIX Association, Washington (2015)
  6. Gupta, S. S., Maitra, S., Paul, G., Santanu, S.: (Non-)random sequences from (non-)random permutations - analysis of RC4 stream cipher. J. Cryptol. 27(1), 67–108 (2014)
  7. Maitra, S.: The index j in RC4 is not pseudo-random due to non-existence of Finney cycle. Cryptology ePrint Archive, Report 2015/1043 (2015)
  8. Maitra, S., Paul, G.: Analysis of RC4 and proposal of additional layers for better security margin. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) Progress in Cryptology - INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur. Proceedings, volume 5365 of Lecture Notes in Computer Science, pp. 27–39. Springer (2008)
  9. Mantin, I.: The security of the stream cipher RC4. Master Thesis, The Weizmann Institute of Science (2001)
  10. Mironov, I.: (Not so) random shuffles of RC4. In: Yung, M. (ed.) Advances in Cryptology - CRYPTO 2002, 22nd Annual International Cryptology Conference, Santa Barbara. Proceedings, volume 2442 of Lecture Notes in Computer Science, pp. 304–319. Springer (2002)
  11. Paterson, K.G., Poettering, B., Schuldt, J.C.N.: Big bias hunting in amazonia: Large-scale computation and exploitation of RC4 biases (invited paper). In: Sarkar, P., Iwata, T. (eds.) Advances in Cryptology - ASIACRYPT 2014 - 20th International Conference on the Theory and Application of Cryptology and Information Security, Kaoshiung. Proceedings, Part I, volume 8873 of Lecture Notes in Computer Science, pp. 398–419. Springer (2014)
  12. Paul, G., Maitra, S., Srivastava, R.: On non-randomness of the permutation after RC4 key scheduling. In: Boztas, S., Lu, H.-f. (eds.) Applied Algebra, Algebraic Algorithms and Error-Correcting Codes, 17th International Symposium, AAECC-17, Bangalore. Proceedings, volume 4851 of Lecture Notes in Computer Science, p. 2007. Springer (2007)
  13. Rivest, R.L., Schuldt, J.C.N.: Spritz–A spongy RC4-like stream cipher and hash function. CRYPTO 2014 Rump Session (2014)
  14. Sarkar, S., Gupta, S.S., Paul, G., Maitra, S.: Proving TLS-attack related open biases of RC4. Des. Codes Crypt. 77(1), 231–253 (2015)
  15. Ylonen, T., Lonvick, C. (Ed.): The Secure Shell (SSH) Transport Layer Protocol. RFC 4253 (Proposed Standard), Updated by RFC 6668 (2006)

Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. Indian Statistical Institute, Kolkata, India
