Comprehensive Analysis of Initial Keystream Biases of RC4
Summary :
After the disclosure of the RC4 algorithm in 1994, a number of keystream biases of RC4 were reported, e.g., Mantin and Shamir showed that the second byte of the keystream is biased to 0, Sepehrdad et al. found that the l-th byte of the keystream is biased to -l, and Maitra et al. showed that 3rd to 255th bytes of the keystream are also biased to 0, where l is the keylength in byte. However, it is unknown that which bias is strongest in each byte of initial bytes. This paper comprehensively analyzes initial keystream biases of RC4. In particular, we introduce several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than known biases. Combining the new biases with the known ones, a complete list of strongest single-byte biases in the first 257bytes of the RC4 keystream is constructed for the first time. Then, we show that our set of these biases are applicable to plaintext recovery attacks, key recovery attacks and distinguishing attacks.
- Publication
- IEICE TRANSACTIONS on Fundamentals Vol.E97-A No.1 pp.139-151
- Publication Date
- 2014/01/01
- Publicized
- Online ISSN
- 1745-1337
- DOI
- 10.1587/transfun.E97.A.139
- Type of Manuscript
- Special Section PAPER (Special Section on Cryptography and Information Security)
- Category
- Symmetric Key Based Cryptography
Authors
Takanori ISOBE
Kobe University
Toshihiro OHIGASHI
Hiroshima University
Yuhei WATANABE
Kobe University
Masakatu MORII
Kobe University
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Takanori ISOBE, Toshihiro OHIGASHI, Yuhei WATANABE, Masakatu MORII, "Comprehensive Analysis of Initial Keystream Biases of RC4" in IEICE TRANSACTIONS on Fundamentals,
vol. E97-A, no. 1, pp. 139-151, January 2014, doi: 10.1587/transfun.E97.A.139.
Abstract: After the disclosure of the RC4 algorithm in 1994, a number of keystream biases of RC4 were reported, e.g., Mantin and Shamir showed that the second byte of the keystream is biased to 0, Sepehrdad et al. found that the l-th byte of the keystream is biased to -l, and Maitra et al. showed that 3rd to 255th bytes of the keystream are also biased to 0, where l is the keylength in byte. However, it is unknown that which bias is strongest in each byte of initial bytes. This paper comprehensively analyzes initial keystream biases of RC4. In particular, we introduce several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than known biases. Combining the new biases with the known ones, a complete list of strongest single-byte biases in the first 257bytes of the RC4 keystream is constructed for the first time. Then, we show that our set of these biases are applicable to plaintext recovery attacks, key recovery attacks and distinguishing attacks.
URL: https://globals.ieice.org/en_transactions/fundamentals/10.1587/transfun.E97.A.139/_p
Copy
@ARTICLE{e97-a_1_139,
author={Takanori ISOBE, Toshihiro OHIGASHI, Yuhei WATANABE, Masakatu MORII, },
journal={IEICE TRANSACTIONS on Fundamentals},
title={Comprehensive Analysis of Initial Keystream Biases of RC4},
year={2014},
volume={E97-A},
number={1},
pages={139-151},
abstract={After the disclosure of the RC4 algorithm in 1994, a number of keystream biases of RC4 were reported, e.g., Mantin and Shamir showed that the second byte of the keystream is biased to 0, Sepehrdad et al. found that the l-th byte of the keystream is biased to -l, and Maitra et al. showed that 3rd to 255th bytes of the keystream are also biased to 0, where l is the keylength in byte. However, it is unknown that which bias is strongest in each byte of initial bytes. This paper comprehensively analyzes initial keystream biases of RC4. In particular, we introduce several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than known biases. Combining the new biases with the known ones, a complete list of strongest single-byte biases in the first 257bytes of the RC4 keystream is constructed for the first time. Then, we show that our set of these biases are applicable to plaintext recovery attacks, key recovery attacks and distinguishing attacks.},
keywords={},
doi={10.1587/transfun.E97.A.139},
ISSN={1745-1337},
month={January},}
Copy
TY - JOUR
TI - Comprehensive Analysis of Initial Keystream Biases of RC4
T2 - IEICE TRANSACTIONS on Fundamentals
SP - 139
EP - 151
AU - Takanori ISOBE
AU - Toshihiro OHIGASHI
AU - Yuhei WATANABE
AU - Masakatu MORII
PY - 2014
DO - 10.1587/transfun.E97.A.139
JO - IEICE TRANSACTIONS on Fundamentals
SN - 1745-1337
VL - E97-A
IS - 1
JA - IEICE TRANSACTIONS on Fundamentals
Y1 - January 2014
AB - After the disclosure of the RC4 algorithm in 1994, a number of keystream biases of RC4 were reported, e.g., Mantin and Shamir showed that the second byte of the keystream is biased to 0, Sepehrdad et al. found that the l-th byte of the keystream is biased to -l, and Maitra et al. showed that 3rd to 255th bytes of the keystream are also biased to 0, where l is the keylength in byte. However, it is unknown that which bias is strongest in each byte of initial bytes. This paper comprehensively analyzes initial keystream biases of RC4. In particular, we introduce several new biases in the initial (1st to 257th) bytes of the RC4 keystream, which are substantially stronger than known biases. Combining the new biases with the known ones, a complete list of strongest single-byte biases in the first 257bytes of the RC4 keystream is constructed for the first time. Then, we show that our set of these biases are applicable to plaintext recovery attacks, key recovery attacks and distinguishing attacks.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
