Abstract
The first known result on RC4 cryptanalysis (presented by Roos in 1995) points out that the most likely value of the y-th element of the permutation after the key scheduling algorithm (KSA) for the first few values of y is given by S N [y] = f y , some linear combinations of the secret keys. While it should have been quite natural to study the association S N [y] = f y ±t for small positive integers t (e.g., t ≤ 4), surprisingly that had never been tried before. In this paper, we study that problem for the first time and show that though the event S N [y] = f y + t occurs with random association, there is a significantly high probability for the event S N [y] = f y − t. We also present several related non-randomness behaviour for the event S N [S N [y]] = f y − t of RC4 KSA in this direction. Further, we investigate near-colliding keys that lead to related states after the KSA and related keystream bytes. Our investigation reveals that near-colliding states do not necessarily lead to near-colliding keystreams. From this motivation, we present a heuristic to find a related key pair with differences in two bytes, that lead to significant matches in the initial keystream. In the process, we discover a class of related key distinguishers for RC4. The best one of these shows that given a random key and a related one to that (the last two bytes increased and decreased by 1 respectively), the first pair of bytes corresponding to the related keys are same with very high probability (e.g., approximately 0.011 for 16-byte keys to 0.044 for 30-byte keys).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Basu, R., Ganguly, S., Maitra, S., Paul, G.: A Complete Characterization of the Evolution of RC4 Pseudo Random Generation Algorithm. Journal of Mathematical Cryptology 2(3), 257–289 (2008)
Biham, E., Dunkelman, O.: Differential Cryptanalysis in Stream Ciphers. IACR Eprint Server, eprint.iacr.org, number 2007/218 (June 6, 2007)
Chen, J., Miyaji, A.: How to Find Short RC4 Colliding Key Pairs. In: Lai, X., Zhou, J., Li, H. (eds.) ISC 2011. LNCS, vol. 7001, pp. 32–46. Springer, Heidelberg (2011)
Grosul, A.L., Wallach, D.S.: A Related Key Cryptanalysis of RC4 (July 6, 2000), http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/GrosulWallach.ps
Klein, A.: Attacks on the RC4 stream cipher. Later appeared in Designs, Codes and Cryptography 48(3), 269–286 (2006, 2008)
Maitra, S., Paul, G.: New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 253–269. Springer, Heidelberg (2008)
Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)
Matsui, M.: Key Collisions of the RC4 Stream Cipher. In: Dunkelman, O. (ed.) FSE 2009. LNCS, vol. 5665, pp. 38–50. Springer, Heidelberg (2009)
Paul, G., Maitra, S.: Permutation After RC4 Key Scheduling Reveals the Secret Key. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol. 4876, pp. 360–377. Springer, Heidelberg (2007)
Paul, G., Maitra, S.: RC4 Stream Cipher and Its Variants. CRC Press (2011)
Roos, A.: A class of weak keys in the RC4 stream cipher. Posts in sci.crypt, message-id 43u1eh$1j3@hermes.is.co.za and 44ebge$llf@hermes.is.co.za (1995)
Sen Gupta, S., Maitra, S., Paul, G., Sarkar, S. (Non-)Random Sequences from (Non-)Random Permutations - Analysis of RC4 stream cipher. To appear in Journal of Cryptology (November 3, 2012) (accepted), http://eprint.iacr.org/2011/448
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Maitra, S., Paul, G., Sarkar, S., Lehmann, M., Meier, W. (2013). New Results on Generalization of Roos-Type Biases and Related Keystreams of RC4. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds) Progress in Cryptology – AFRICACRYPT 2013. AFRICACRYPT 2013. Lecture Notes in Computer Science, vol 7918. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38553-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-642-38553-7_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38552-0
Online ISBN: 978-3-642-38553-7
eBook Packages: Computer ScienceComputer Science (R0)