Security Analysis of the RC4+ Stream Cipher
The RC4+ stream cipher was proposed by Maitra and Paul at Indocrypt 2008. The authors claimed that RC4+ ironed out most of the weaknesses of the alleged RC4 stream cipher while being only marginally slower than RC4 in software. In this paper we show that it is possible to mount a distinguishing attack on RC4+ based on a bias in the first output byte. The distinguisher requires around 2^26 samples produced by different keys of RC4+. In the second part of the paper we study whether the differential fault attack on RC4 proposed by Biham et al. at FSE 2005 can be mounted on RC4+. We show that RC4+ is vulnerable to a differential fault attack and that it is possible to recover the entire internal state of the cipher at the beginning of the PRGA by injecting around 2^17.2 faults.
Keywords: Cryptanalysis, Differential Fault Attack, Distinguishing Attack, RC4, RC4+, Stream Cipher
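The distinguisher in the abstract follows a standard pattern: collect one keystream byte from each of many keys, measure how far its empirical distribution is from uniform, and use the size of the bias to estimate how many samples a distinguisher needs. The example below is added here and is not code from the paper; the RC4+ specification is not given on this page, so the methodology is run against textbook RC4, whose second output byte Z2 equals 0 with probability about 2/N instead of 1/N (Mantin and Shamir, FSE 2001). The sample-complexity rule of thumb, roughly 1/(p0 q^2) samples to distinguish an event of ideal probability p0 from one of probability p0(1+q), is the Mantin-Shamir estimate; the key length, seed, and decision threshold are arbitrary choices for the demonstration.

```python
"""
Keystream-byte bias distinguisher (added example, not the paper's code).

Runs the methodology of a single-byte distinguisher against textbook RC4:
many random keys, one keystream byte per key, compare the histogram to
uniform.  RC4+ is not implemented here; it is not specified on this page.
"""
import math
import random

N = 256  # RC4 state size


def rc4_keystream(key: bytes, nbytes: int) -> list:
    """Textbook RC4: key-scheduling (KSA) followed by nbytes of PRGA output."""
    S = list(range(N))
    j = 0
    klen = len(key)
    for i in range(N):  # KSA
        j = (j + S[i] + key[i % klen]) % N
        S[i], S[j] = S[j], S[i]
    out = []
    i = j = 0
    for _ in range(nbytes):  # PRGA
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % N])
    return out


def byte_histogram(position: int, num_keys: int, key_len: int = 16, seed: int = 1) -> list:
    """Histogram of the keystream byte at `position` (1-based) over num_keys
    random keys.  The PRNG is seeded so the experiment is reproducible; the
    16-byte key length is an arbitrary choice for the demonstration."""
    rng = random.Random(seed)
    counts = [0] * N
    for _ in range(num_keys):
        key = rng.getrandbits(8 * key_len).to_bytes(key_len, "big")
        z = rc4_keystream(key, position)[position - 1]
        counts[z] += 1
    return counts


def empirical_bias(counts: list, value: int) -> float:
    """Relative bias q such that Pr[byte == value] ~ (1/N)(1+q); q == 0 is uniform."""
    total = sum(counts)
    return counts[value] * N / total - 1.0


def samples_needed(p0: float, q: float) -> int:
    """Mantin-Shamir rule of thumb: about 1/(p0 q^2) samples separate an event of
    ideal probability p0 from one of probability p0(1+q) with constant advantage."""
    return math.ceil(1.0 / (p0 * q * q))


def distinguish(counts: list, value: int, threshold_q: float = 0.5) -> tuple:
    """Decide 'cipher' if the measured relative bias for `value` exceeds the
    (arbitrary) threshold; returns (verdict, measured q)."""
    q = empirical_bias(counts, value)
    return q > threshold_q, q


if __name__ == "__main__":
    counts = byte_histogram(position=2, num_keys=1 << 15)
    verdict, q = distinguish(counts, 0)
    print("Z2 == 0: relative bias q = %.3f, distinguished = %s" % (q, verdict))
    print("samples needed for this bias ~", samples_needed(1 / N, q))
    verdict, q = distinguish(counts, 1)
    print("Z2 == 1 (control): q = %.3f, distinguished = %s" % (q, verdict))
```

For RC4's Z2 = 0 event, q is close to 1, so a few hundred keystreams suffice; a distinguisher that needs around 2^26 samples, as the abstract reports for RC4+, corresponds to a far smaller relative bias, which is why it must be averaged over many independent keys rather than read off a single keystream.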