A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher

  • Souradyuti Paul
  • Bart Preneel
Conference paper

DOI: 10.1007/978-3-540-25937-4_16

Part of the Lecture Notes in Computer Science book series (LNCS, volume 3017)
Cite this paper as:
Paul S., Preneel B. (2004) A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher. In: Roy B., Meier W. (eds) Fast Software Encryption. FSE 2004. Lecture Notes in Computer Science, vol 3017. Springer, Berlin, Heidelberg

Abstract

The paper presents a new statistical bias in the distribution of the first two output bytes of the RC4 keystream generator. The number of outputs required to reliably distinguish RC4 outputs from random strings using this bias is only 225 bytes. Most importantly, the bias does not disappear even if the initial 256 bytes are dropped. This paper also proposes a new pseudorandom bit generator, named RC4A, which is based on RC4’s exchange shuffle model. It is shown that the new cipher offers increased resistance against most attacks that apply to RC4. RC4A uses fewer operations per output byte and offers the prospect of implementations that can exploit its inherent parallelism to improve its performance further.

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Souradyuti Paul
    • 1
  • Bart Preneel
    • 1
  1. 1.Dept. ESAT/COSICKatholieke Universiteit LeuvenLeuven-HeverleeBelgium

Personalised recommendations