Statistical Analysis of the Alleged RC4 Keystream Generator
The alleged RC4 keystream generator is examined, and a method of explicitly computing digraph probabilities is given. Using this method, we demonstrate a method for distinguishing 8-bit RC4 from randomness. Our method requires less keystream output than currently published attacks, requiring only 230:6 bytes of output. In addition, we observe that an attacker can, on occasion, determine portions of the internal state with nontrivial probability. However, we are currently unable to extend this observation to a full attack.
- 1.Blahut, R., „Principles and Practice of Information Theory”, Addison-Wesley, 1983.Google Scholar
- 3.Golić, J., ”Linear Statistical Weakness of Alleged RC4 Keystream Generator”, Proceedings of EUROCRYPT’ 97, Springer-Verlag.Google Scholar
- 4.Knudsen, L., Meier, W., Preneel, B., Rijmen, V., and Verdoolaege, S., “Analysis Methods for (Alleged) RC4”, Proceedings of ASIACRYPT’ 99, Springer-Verlag.Google Scholar
- 5.Mister, S. and Tavares, S., “Cryptanalysis of RC4-like Ciphers”, in the Workshop Record of the Workshop on Selected Areas in Cryptography (SAC’ 98), Aug. 17-18, 1998, pp. 136–148.Google Scholar
- 6.Rivest, R., „The RC4 encryption algorithm”, RSA Data Security, Inc, Mar. 1992Google Scholar
- 7.RSA Laboratories FAQ, Question 3.6.3, http://www.rsasecurity.com/rsalabs/faq/3-6-3.html.
- 8.Schneier, B., “Applied Cryptography”, New York: Wiley, 1996.Google Scholar