How Not to Combine RC4 States

Banik, Subhadeep; Jha, Sonu

doi:10.1007/978-3-319-24126-5_6

Subhadeep Banik¹⁶ &
Sonu Jha¹⁷

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9354))

Included in the following conference series:

International Conference on Security, Privacy, and Applied Cryptography Engineering

956 Accesses
3 Citations

Abstract

Over the past few years, an attractive design paradigm has emerged, that aims to produce new stream cipher designs, by combining one or more independently produced RC4 states. The ciphers so produced turn out to be faster than RC4 on any software platform, mainly because the average number of internal operations used in the cipher per byte of keystream produced is usually lesser than RC4. One of the main efforts of the designers is to ensure that the existing weaknesses of RC4 are not carried over to the new ciphers so designed. In this work we will look at two such ciphers RC4B (proposed by Zhang et. al.) and Quad-RC4/m-RC4 (proposed by Maitra et. al.). We will propose distinguishing attacks against all these ciphers, and look at certain design flaws that made these ciphers vulnerable.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Partition (Number Theory), http://en.wikipedia.org/wiki/Partition_%28number_theory%29
Banik, S., Sarkar, S., Kacker, R.: Security analysis of the RC4+ stream cipher. In: Paul, G., Vaudenay, S. (eds.) INDOCRYPT 2013. LNCS, vol. 8250, pp. 297–307. Springer, Heidelberg (2013)
Chapter Google Scholar
Gong, G., Gupta, K.C., Hell, M., Nawaz, Y.: Towards a general RC4-like keystream generator. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 162–174. Springer, Heidelberg (2005)
Chapter Google Scholar
Lv, J., Zhang, B., Lin, D.: Distinguishing Attacks on RC4 and A New Improvement of the Cipher. Cryptology ePrint Archive: Report 2013/176
Google Scholar
Maitra, S.: Four Lines of Design to Forty Papers of Analysis: The RC4 Stream Cipher, http://www.isical.ac.in/~indocrypt/indo12.pdf
Maitra, S., Paul, G.: Analysis of RC4 and proposal of additional layers for better security margin. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 27–39. Springer, Heidelberg (2008)
Chapter Google Scholar
Mantin, I., Shamir, A.: A practical attack on broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)
Chapter Google Scholar
Maximov, A., Khovratovich, D.: New state recovery attack on RC4. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 297–316. Springer, Heidelberg (2008)
Chapter Google Scholar
Maximov, A.: Two linear distinguishing attacks on VMPC and RC4A and weakness of RC4 family of stream ciphers. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 342–358. Springer, Heidelberg (2005)
Chapter Google Scholar
Paul, G., Chattopadhyay, A.: Designing stream ciphers with scalable data-widths: a case study with HC-128. J. Cryptographic Engineering 4(2), 135–143 (2014)
Article Google Scholar
Paul, G., Maitra, S., Chattopadhyay, A.: Quad-RC4: Merging Four RC4 States towards a 32-bit Stream Cipher. IACR Cryptology eprint Archive 2013: 572 (2013)
Google Scholar
Paul, S., Preneel, B.: A new weakness in the RC4 keystream generator and an approach to improve the security of the cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 245–259. Springer, Heidelberg (2004)
Chapter Google Scholar
Paul, S., Preneel, B.: On the (In)security of stream ciphers based on arrays and modular addition. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 69–83. Springer, Heidelberg (2006)
Chapter Google Scholar
Sarkar, S.: Further non-randomness in RC4, RC4A and VMPC. Cryptography and Communications 7(3), 317–330 (2015)
Article MathSciNet MATH Google Scholar
Tsunoo, Y., Saito, T., Kubo, H., Shigeri, M., Suzaki, T., Kawabata, T.: The Most Efficient Distinguishing Attack on VMPC and RC4A. In: SKEW 2005 (2005), http://www.ecrypt.eu.org/stream/papers.html
Zoltak, B.: VMPC one-way function and stream cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 210–225. Springer, Heidelberg (2004)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

DTU Compute, Technical University of Denmark, Lyngby, 2800, Denmark
Subhadeep Banik
National Informatics Center, Sector V, Salt Lake, Kolkata, 91, India
Sonu Jha

Authors

Subhadeep Banik
View author publications
You can also search for this author in PubMed Google Scholar
Sonu Jha
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Subhadeep Banik .

Editor information

Editors and Affiliations

Indian Inst of Tech Kharagpur, Kharagpur, West Bengal, India
Rajat Subhra Chakraborty
Digital Security Group, Radboud University Nijmegen, Nijmegen, Gelderland, The Netherlands
Peter Schwabe
Dept. of Computer Science, University of Illinois at Chicago, Chicago, Illinois, USA
Jon Solworth

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Banik, S., Jha, S. (2015). How Not to Combine RC4 States. In: Chakraborty, R., Schwabe, P., Solworth, J. (eds) Security, Privacy, and Applied Cryptography Engineering. SPACE 2015. Lecture Notes in Computer Science(), vol 9354. Springer, Cham. https://doi.org/10.1007/978-3-319-24126-5_6

Download citation

DOI: https://doi.org/10.1007/978-3-319-24126-5_6
Published: 13 November 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-24125-8
Online ISBN: 978-3-319-24126-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics