
Security Analysis of the RC4+ Stream Cipher

  • Conference paper
Progress in Cryptology – INDOCRYPT 2013 (INDOCRYPT 2013)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 8250)

Abstract

The RC4+ stream cipher was proposed by Maitra and Paul at Indocrypt 2008. The authors claimed that RC4+ ironed out most of the weaknesses of the alleged RC4 stream cipher and was only marginally slower than RC4 in software. In this paper we show that it is possible to mount a distinguishing attack on RC4+ based on the bias of the first output byte. The distinguisher requires around 2^26 samples produced by different keys of RC4+. In the second part of the paper we study the possibility of mounting the differential fault attack on RC4 proposed by Biham et al. at FSE 2005 on RC4+. We show that RC4+ is vulnerable to differential fault attack and that it is possible to recover the entire internal state of the cipher at the beginning of the PRGA by injecting around 2^17.2 faults.


References

  1. Biham, E., Granboulan, L., Nguyen, P.Q.: Impossible Fault Analysis of RC4 and Differential Fault Analysis of RC4. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 359–367. Springer, Heidelberg (2005)
  2. Das, A., Maitra, S., Paul, G., Sarkar, S.: Some Combinatorial Results towards State Recovery Attack on RC4. In: Jajodia, S., Mazumdar, C. (eds.) ICISS 2011. LNCS, vol. 7093, pp. 204–214. Springer, Heidelberg (2011)
  3. Finney, H.: An RC4 cycle that can’t happen. Posting to sci.crypt (September 1994)
  4. Gong, G., Gupta, K.C., Hell, M., Nawaz, Y.: Towards a General RC4-Like Keystream Generator. In: Feng, D., Lin, D., Yung, M. (eds.) CISC 2005. LNCS, vol. 3822, pp. 162–174. Springer, Heidelberg (2005)
  5. Maitra, S., Paul, G.: Analysis of RC4 and Proposal of Additional Layers for Better Security Margin. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 27–39. Springer, Heidelberg (2008)
  6. Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)
  7. Maximov, A.: Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 342–358. Springer, Heidelberg (2005)
  8. Maximov, A., Khovratovich, D.: New State Recovery Attack on RC4. In: Wagner, D. (ed.) CRYPTO 2008. LNCS, vol. 5157, pp. 297–316. Springer, Heidelberg (2008)
  9. Nawaz, Y., Gupta, K.C., Gong, G.: A 32-bit RC4-like Keystream Generator. IACR Cryptology ePrint Archive 2005, 175 (2005)
  10. Paul, S., Preneel, B.: A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 245–259. Springer, Heidelberg (2004)
  11. Paul, S., Preneel, B.: On the (In)security of Stream Ciphers Based on Arrays and Modular Addition. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol. 4284, pp. 69–83. Springer, Heidelberg (2006)
  12. Tsunoo, Y., Saito, T., Kubo, H., Shigeri, M., Suzaki, T., Kawabata, T.: The Most Efficient Distinguishing Attack on VMPC and RC4A. In: SKEW (2005), http://www.ecrypt.eu.org/stream/papers.html
  13. Tsunoo, Y., Saito, T., Kubo, H., Suzaki, T.: A Distinguishing Attack on a Fast Software-Implemented RC4-Like Stream Cipher. IEEE Transactions on Information Theory 53(9), 3250–3255 (2007)
  14. Zoltak, B.: VMPC One-Way Function and Stream Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 210–225. Springer, Heidelberg (2004)


Copyright information

© 2013 Springer International Publishing Switzerland

About this paper

Cite this paper

Banik, S., Sarkar, S., Kacker, R. (2013). Security Analysis of the RC4+ Stream Cipher. In: Paul, G., Vaudenay, S. (eds) Progress in Cryptology – INDOCRYPT 2013. INDOCRYPT 2013. Lecture Notes in Computer Science, vol 8250. Springer, Cham. https://doi.org/10.1007/978-3-319-03515-4_20


  • DOI: https://doi.org/10.1007/978-3-319-03515-4_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-03514-7

  • Online ISBN: 978-3-319-03515-4

  • eBook Packages: Computer Science (R0)