Proof of Empirical RC4 Biases and New Key Correlations

  • Sourav Sen Gupta
  • Subhamoy Maitra
  • Goutam Paul
  • Santanu Sarkar
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7118)


In SAC 2010, Sepehrdad, Vaudenay and Vuagnoux have reported some empirical biases between the secret key, the internal state variables and the keystream bytes of RC4, by searching over a space of all linear correlations between the quantities involved. In this paper, for the first time, we give theoretical proofs for all such significant empirical biases. Our analysis not only builds a framework to justify the origin of these biases, it also brings out several new conditional biases of high order. We establish that certain conditional biases reported earlier are correlated with a third event with much higher probability. This gives rise to the discovery of new keylength-dependent biases of RC4, some as high as 50/N, where N is the size of the RC4 permutation. The new biases in turn result in successful keylength prediction from the initial keystream bytes of the cipher.


Conditional Bias Key Correlation Keylength Prediction RC4 


  1. 1.
    Fluhrer, S.R., Mantin, I., Shamir, A.: Weaknesses in the Key Scheduling Algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Klein, A.: Attacks on the RC4 stream cipher. Designs, Codes and Cryptography 48(3), 269–286 (2008)MathSciNetCrossRefMATHGoogle Scholar
  3. 3.
    LAN/MAN Standard Committee. ANSI/IEEE standard 802.11b: Wireless LAN Medium Access Control (MAC) and Physical Layer (phy) Specifications (1999)Google Scholar
  4. 4.
    LAN/MAN Standard Committee. ANSI/IEEE standard 802.11i: Amendment 6: Wireless LAN Medium Access Control (MAC) and Physical Layer (phy) Specifications. Draft 3 (2003)Google Scholar
  5. 5.
    Maitra, S., Paul, G., Sen Gupta, S.: Attack on Broadcast RC4 Revisited. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 199–217. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  6. 6.
    Mantin, I.: Analysis of the stream cipher RC4. Master’s Thesis, The Weizmann Institute of Science, Israel (2001),
  7. 7.
    Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Maximov, A., Khovratovich, D.: New State Recovery Attack on RC4. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 297–316. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  9. 9.
    Paul, G., Maitra, S.: On biases of permutation and keystream bytes of RC4 towards the secret key. Cryptography Communications 1, 225–268 (2009)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Paul, G., Rathi, S., Maitra, S.: On Non-negligible bias of the first output byte of RC4 towards the first three bytes of the secret key. Designs, Codes and Cryptography 49(1-3), 123–134 (2008)MathSciNetCrossRefMATHGoogle Scholar
  11. 11.
    Roos, A.: A class of weak keys in the RC4 stream cipher. Two posts in sci.crypt, message-id, (1995),
  12. 12.
    Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Discovery and Exploitation of New Biases in RC4. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) SAC 2010. LNCS, vol. 6544, pp. 74–91. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  13. 13.
    Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Statistical Attack on RC4. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 343–363. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Vaudenay, S., Vuagnoux, M.: Passive–Only Key Recovery Attacks on RC4. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 344–359. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  15. 15.
    Wagner, D.: My RC4 weak keys. Post in sci.crypt, message-id 447o1l$cbj@cnn.Princeton.EDU. (September 26, 1995),

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Sourav Sen Gupta
    • 1
  • Subhamoy Maitra
    • 1
  • Goutam Paul
    • 2
  • Santanu Sarkar
    • 1
  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia
  2. 2.Dept. of Computer Science and Engg.Jadavpur UniversityKolkataIndia

Personalised recommendations