New Results on Generalization of Roos-Type Biases and Related Keystreams of RC4
The first known result on RC4 cryptanalysis (presented by Roos in 1995) points out that, for the first few values of $y$, the most likely value of the $y$-th element of the permutation after the key scheduling algorithm (KSA) is given by $S_N[y] = f_y$, where $f_y$ is a linear combination of the secret key bytes. While it should have been quite natural to study the association $S_N[y] = f_y \pm t$ for small positive integers $t$ (e.g., $t \le 4$), surprisingly that had never been tried before. In this paper, we study that problem for the first time and show that though the event $S_N[y] = f_y + t$ occurs with random association, there is a significantly high probability for the event $S_N[y] = f_y - t$. We also present several related non-random behaviours for the event $S_N[S_N[y]] = f_y - t$ of the RC4 KSA in this direction. Further, we investigate near-colliding keys that lead to related states after the KSA and to related keystream bytes. Our investigation reveals that near-colliding states do not necessarily lead to near-colliding keystreams. With this motivation, we present a heuristic to find a related key pair, with differences in two bytes, that leads to significant matches in the initial keystream. In the process, we discover a class of related key distinguishers for RC4. The best one of these shows that, given a random key and a key related to it (the last two bytes increased and decreased by 1 respectively), the first pair of bytes corresponding to the related keys are the same with very high probability (e.g., approximately 0.011 for 16-byte keys to 0.044 for 30-byte keys).
Keywords: Bias, Cryptanalysis, Near Collision, RC4, Related Key Distinguisher, Stream Cipher
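The asymmetry described in the abstract can be checked empirically. The following is an added example, not code from the paper: a Monte Carlo estimate of $P(S_N[y] = f_y + t)$ for $-4 \le t \le 4$ over random 16-byte keys. It assumes the standard Roos form $f_y = y(y+1)/2 + \sum_{x=0}^{y} K[x] \bmod 256$, which the abstract does not spell out; the function names, trial count, seed and range of $y$ are choices made here.

```python
import random

N = 256  # RC4 permutation size


def ksa(key):
    """Standard RC4 key scheduling algorithm; returns the permutation S_N."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S


def f(key, y):
    """Roos's linear combination f_y = y(y+1)/2 + K[0] + ... + K[y] (mod N)."""
    return (y * (y + 1) // 2 + sum(key[x % len(key)] for x in range(y + 1))) % N


def shift_rates(trials=4000, keylen=16, ys=range(1, 16), max_t=4, seed=1):
    """Estimate P(S_N[y] = f_y + t) for -max_t <= t <= max_t, averaged over ys."""
    rng = random.Random(seed)  # constructed random keys; fixed seed for repeatability
    hits = {t: 0 for t in range(-max_t, max_t + 1)}
    for _ in range(trials):
        key = [rng.randrange(N) for _ in range(keylen)]
        S = ksa(key)
        for y in ys:
            d = (S[y] - f(key, y)) % N
            if d > N // 2:
                d -= N  # map the difference to a signed offset
            if d in hits:
                hits[d] += 1
    total = trials * len(ys)
    return {t: h / total for t, h in hits.items()}


if __name__ == "__main__":
    rates = shift_rates()
    print(f"uniform baseline 1/N = {1 / N:.4f}")
    for t, p in sorted(rates.items()):
        print(f"P(S_N[y] = f_y {t:+d}) ~ {p:.4f}")
```

The $t = 0$ row is the original Roos bias; comparing the negative and positive rows against the $1/N$ baseline shows the one-sided behaviour the abstract reports.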
- 2. Biham, E., Dunkelman, O.: Differential Cryptanalysis in Stream Ciphers. IACR Eprint Server, eprint.iacr.org, number 2007/218 (June 6, 2007)
- 4. Grosul, A.L., Wallach, D.S.: A Related Key Cryptanalysis of RC4 (July 6, 2000), http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/GrosulWallach.ps
- 5. Klein, A.: Attacks on the RC4 stream cipher. Later appeared in Designs, Codes and Cryptography 48(3), 269–286 (2006, 2008)
- 10. Paul, G., Maitra, S.: RC4 Stream Cipher and Its Variants. CRC Press (2011)
- 11. Roos, A.: A class of weak keys in the RC4 stream cipher. Posts in sci.crypt, message-id firstname.lastname@example.org and email@example.com (1995)
- 12. Sen Gupta, S., Maitra, S., Paul, G., Sarkar, S.: (Non-)Random Sequences from (Non-)Random Permutations - Analysis of RC4 stream cipher. To appear in Journal of Cryptology (November 3, 2012) (accepted), http://eprint.iacr.org/2011/448