New Results on Generalization of Roos-Type Biases and Related Keystreams of RC4

  • Subhamoy Maitra
  • Goutam Paul
  • Santanu Sarkar
  • Michael Lehmann
  • Willi Meier
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7918)

Abstract

The first known result on RC4 cryptanalysis (presented by Roos in 1995) points out that the most likely value of the y-th element of the permutation after the key scheduling algorithm (KSA) for the first few values of y is given by SN[y] = fy, some linear combinations of the secret keys. While it should have been quite natural to study the association SN[y] = fy ±t for small positive integers t (e.g., t ≤ 4), surprisingly that had never been tried before. In this paper, we study that problem for the first time and show that though the event SN[y] = fy + t occurs with random association, there is a significantly high probability for the event SN[y] = fy − t. We also present several related non-randomness behaviour for the event SN[SN[y]] = fy − t of RC4 KSA in this direction. Further, we investigate near-colliding keys that lead to related states after the KSA and related keystream bytes. Our investigation reveals that near-colliding states do not necessarily lead to near-colliding keystreams. From this motivation, we present a heuristic to find a related key pair with differences in two bytes, that lead to significant matches in the initial keystream. In the process, we discover a class of related key distinguishers for RC4. The best one of these shows that given a random key and a related one to that (the last two bytes increased and decreased by 1 respectively), the first pair of bytes corresponding to the related keys are same with very high probability (e.g., approximately 0.011 for 16-byte keys to 0.044 for 30-byte keys).

Keywords

Bias Cryptanalysis Near Collision RC4 Related Key Distinguisher Stream Cipher 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Basu, R., Ganguly, S., Maitra, S., Paul, G.: A Complete Characterization of the Evolution of RC4 Pseudo Random Generation Algorithm. Journal of Mathematical Cryptology 2(3), 257–289 (2008)MathSciNetMATHCrossRefGoogle Scholar
  2. 2.
    Biham, E., Dunkelman, O.: Differential Cryptanalysis in Stream Ciphers. IACR Eprint Server, eprint.iacr.org, number 2007/218 (June 6, 2007)Google Scholar
  3. 3.
    Chen, J., Miyaji, A.: How to Find Short RC4 Colliding Key Pairs. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 32–46. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
    Grosul, A.L., Wallach, D.S.: A Related Key Cryptanalysis of RC4 (July 6, 2000), http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/GrosulWallach.ps
  5. 5.
    Klein, A.: Attacks on the RC4 stream cipher. Later appeared in Designs, Codes and Cryptography 48(3), 269–286 (2006, 2008)Google Scholar
  6. 6.
    Maitra, S., Paul, G.: New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 253–269. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  7. 7.
    Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Matsui, M.: Key Collisions of the RC4 Stream Cipher. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 38–50. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  9. 9.
    Paul, G., Maitra, S.: Permutation After RC4 Key Scheduling Reveals the Secret Key. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 360–377. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  10. 10.
    Paul, G., Maitra, S.: RC4 Stream Cipher and Its Variants. CRC Press (2011)Google Scholar
  11. 11.
    Roos, A.: A class of weak keys in the RC4 stream cipher. Posts in sci.crypt, message-id 43u1eh$1j3@hermes.is.co.za and 44ebge$llf@hermes.is.co.za (1995)Google Scholar
  12. 12.
    Sen Gupta, S., Maitra, S., Paul, G., Sarkar, S. (Non-)Random Sequences from (Non-)Random Permutations - Analysis of RC4 stream cipher. To appear in Journal of Cryptology (November 3, 2012) (accepted), http://eprint.iacr.org/2011/448

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Subhamoy Maitra
    • 1
  • Goutam Paul
    • 2
  • Santanu Sarkar
    • 3
  • Michael Lehmann
    • 4
  • Willi Meier
    • 4
  1. 1.Applied Statistics UnitIndian Statistical InstituteKolkataIndia
  2. 2.Department of Computer Science and EngineeringJadavpur UniversityKolkataIndia
  3. 3.Chennai Mathematical InstituteChennaiIndia
  4. 4.FHNWWindischSwitzerland

Personalised recommendations