Security Analysis of the RC4+ Stream Cipher

  • Subhadeep Banik
  • Santanu Sarkar
  • Raghu Kacker
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8250)


The RC4+ stream cipher was proposed by Maitra and Paul at Indocrypt 2008. The authors had claimed that RC4+ ironed out most of the weaknesses of the alleged RC4 stream cipher and was only marginally slower than RC4 in software. In this paper we show that it is possible to mount a distinguishing attack on RC4+ based on the bias of the first output byte. The distinguisher requires around 226 samples produced by different keys of RC4+. In the second part of the paper we study the possibility of mounting the differential fault attack on RC4 proposed by Biham et. al. in FSE 2005, on RC4+. We will show that that the RC4+ is vulnerable to differential fault attack and it is possible to recover the entire internal state of the cipher at the beginning of the PRGA by injecting around 217.2 faults.


Cryptanalysis Differential Fault Attack Distinguishing Attack RC4 RC4+ Stream Cipher 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biham, E., Granboulan, L., Nguyen, P.Q.: Impossible Fault Analysis of RC4 and Differential Fault Analysis of RC4. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 359–367. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Das, A., Maitra, S., Paul, G., Sarkar, S.: Some Combinatorial Results towards State Recovery Attack on RC4. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 204–214. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Finney, H.: An RC4 cycle that can’t happen. Posting to sci.crypt (September 1994)Google Scholar
  4. 4.
    Gong, G., Gupta, K.C., Hell, M., Nawaz, Y.: Towards a General RC4-Like Keystream Generator. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 162–174. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Maitra, S., Paul, G.: Analysis of RC4 and Proposal of Additional Layers for Better Security Margin. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 27–39. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Maximov, A.: Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 342–358. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Maximov, A., Khovratovich, D.: New State Recovery Attack on RC4. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 297–316. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Nawaz, Y., Gupta, K.C., Gong, G.: A 32-bit RC4-like Keystream Generator. IACR Cryptology ePrint Archive 2005, 175 (2005)Google Scholar
  10. 10.
    Paul, S., Preneel, B.: A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 245–259. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Paul, S., Preneel, B.: On the (In)security of Stream Ciphers Based on Arrays and Modular Addition. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 69–83. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Tsunoo, Y., Saito, T., Kubo, H., Shigeri, M., Suzaki, T., Kawabata, T.: The Most Efficient Distinguishing Attack on VMPC and RC4A. In: SKEW (2005),
  13. 13.
    Tsunoo, Y., Saito, T., Kubo, H., Suzaki, T.: A Distinguishing Attack on a Fast Software-Implemented RC4-Like Stream Cipher. IEEE Transactions on Information Theory 53(9), 3250–3255 (2007)MathSciNetCrossRefGoogle Scholar
  14. 14.
    Zoltak, B.: VMPC One-Way Function and Stream Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 210–225. Springer, Heidelberg (2004)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Subhadeep Banik
    • 1
  • Santanu Sarkar
    • 2
  • Raghu Kacker
    • 2
  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia
  2. 2.National Institute of Standards and TechnologyGaithersburgUSA

Personalised recommendations