Attack on Broadcast RC4 Revisited

  • Subhamoy Maitra
  • Goutam Paul
  • Sourav Sen Gupta
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6733)

Abstract

In this paper, contrary to the claim of Mantin and Shamir (FSE 2001), we prove that there exist biases in the initial bytes (3 to 255) of the RC4 keystream towards zero. These biases immediately provide distinguishers for RC4. Additionally, the attack on broadcast RC4 to recover the second byte of the plaintext can be extended to recover bytes 3 to 255 of the plaintext given Ω(N^3) many ciphertexts. Further, we also study the non-randomness of the index j for the first two rounds of the PRGA, and identify a strong bias of j_2 towards 4. This in turn provides us with certain state information from the second keystream byte.
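The abstract talks about two measurable events: the second keystream byte Z_2 being zero (the Mantin and Shamir bias this paper builds on) and the PRGA index j_2 taking the value 4. The script below is an added example, not code from the paper or its authors: it implements textbook RC4 (KSA and PRGA), generates a constructed sample of random 16-byte keys from a seeded PRNG, and estimates both probabilities so that the departure from the uniform value 1/N can be seen directly. The sample size, key length and seed are assumptions chosen for speed; the weaker biases the paper proves for bytes 3 to 255 are of a smaller order and would need far more samples than this to show up, which is exactly why the abstract's Ω(N^3) ciphertext requirement appears.

```python
import random

N = 256  # RC4 works on a permutation of 0..255


def ksa(key):
    """RC4 key scheduling: returns the initial permutation S_0 for `key`."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S


def prga_trace(S0, rounds):
    """Run `rounds` steps of the PRGA on a copy of S0.

    Returns (keystream bytes Z_1..Z_rounds, index values j_1..j_rounds),
    so both the output and the internal index can be examined.
    """
    S = S0[:]
    i = j = 0
    z, js = [], []
    for _ in range(rounds):
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        z.append(S[(S[i] + S[j]) % N])
        js.append(j)
    return z, js


def measure_biases(trials=20000, key_len=16, seed=1):
    """Estimate P(Z_2 = 0) and P(j_2 = 4) over `trials` random keys.

    Keys come from a seeded PRNG (a constructed sample, not real traffic),
    so the estimate is deterministic for a given seed. With a uniform
    keystream both probabilities would be about 1/N; the known biases put
    them near 2/N.
    """
    rng = random.Random(seed)
    z2_zero = 0
    j2_hist = [0] * N
    for _ in range(trials):
        key = [rng.randrange(N) for _ in range(key_len)]
        z, js = prga_trace(ksa(key), 2)
        if z[1] == 0:          # second keystream byte Z_2
            z2_zero += 1
        j2_hist[js[1]] += 1    # index j after the second PRGA step
    return {
        "p_z2_zero": z2_zero / trials,
        "p_j2_4": j2_hist[4] / trials,
        "uniform": 1 / N,
    }


if __name__ == "__main__":
    r = measure_biases()
    for name in ("p_z2_zero", "p_j2_4"):
        print(f"{name} = {r[name]:.5f}  (uniform {r['uniform']:.5f}, "
              f"ratio {r[name] / r['uniform']:.2f})")
```

Running it prints the two estimated probabilities next to 1/N; both ratios come out close to 2 rather than 1, which is the distinguishing signal the abstract refers to. The j_2 = 4 event is easy to see in the trace: when S_0[1] = 2 the first swap moves that 2 into S[2], and the second step then computes j_2 = 2 + 2.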

Keywords

Bias, Broadcast RC4, Cryptanalysis, Distinguishing Attack, Keystream, RC4, Stream Cipher

References

  1. Jenkins, R.J.: ISAAC and RC4 (1996), http://burtleburtle.net/bob/rand/isaac.html
  2. Maitra, S., Paul, G.: New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 253–269. Springer, Heidelberg (2008)
  3. Mantin, I.: Analysis of the stream cipher RC4. Master's Thesis, The Weizmann Institute of Science, Israel (2001), http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Mantin1.zip
  4. Mantin, I.: Predicting and Distinguishing Attacks on RC4 Keystream Generator. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 491–506. Springer, Heidelberg (2005)
  5. Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)
  6. Maximov, A., Khovratovich, D.: New State Recovery Attack on RC4. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 297–316. Springer, Heidelberg (2008)
  7. Mironov, I.: (Not So) Random Shuffles of RC4. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 304–319. Springer, Heidelberg (2002)
  8. Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Discovery and Exploitation of New Biases in RC4. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 74–91. Springer, Heidelberg (2011)
  9. Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Statistical Attack on RC4 Distinguishing WPA. Accepted at EUROCRYPT 2011 (2011)

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Subhamoy Maitra (1)
  • Goutam Paul (2)
  • Sourav Sen Gupta (1)
  1. Applied Statistics Unit, Indian Statistical Institute, Kolkata, India
  2. Department of Computer Science and Engineering, Jadavpur University, Kolkata, India