Predicting and Distinguishing Attacks on RC4 Keystream Generator
نویسنده
چکیده
In this paper we analyze the statistical distribution of the keystream generator used by the stream ciphers RC4 and RC4A. Our first result is the discovery of statistical biases of the digraphs distribution of RC4/RC4A generated streams, where digraphs tend to repeat with short gaps between them. We show how an attacker can use these biased patterns to distinguish RC4 keystreams of 2 bytes and RC4A keystreams of 2 bytes from randomness with success rate of more than 2/3. Our second result is the discovery of a family of patterns in RC4 keystreams whose probabilities in RC4 keystreams are several times their probabilities in random streams. These patterns can be used to predict bits and words of RC4 with arbitrary advantage, e.g., after 2 output words a single bit can be predicted with probability of 85%, and after 2 output words a single byte can be predicted with probability of 82%, contradicting the unpredictability property of PRNGs.
منابع مشابه
Distinguishing Attacks on RC4 and A New Improvement of the Cipher
RC4, designed by Rivest in 1987, is the most widely deployed stream cipher in practical applications. In this paper, two new class of statistical biases inherent in RC4 are depicted and it is shown that the RC4 keystream is distinguishable from random no matter how many initial bytes have been dumped. RC4A, proposed by Paul and Preneel at FSE 2004 to strengthen the security of RC4, is also foun...
متن کاملA 32-bit RC4-like Keystream Generator
In this paper we propose a new 32-bit RC4 like keystream generator. The proposed generator produces 32 bits in each iteration and can be implemented in software with reasonable memory requirements. Our experiments show that this generator is 3.2 times faster than original 8-bit RC4. It has a huge internal state and offers higher resistance against state recovery attacks than the original 8-bit ...
متن کاملTowards a General RC4-Like Keystream Generator
RC4 was designed in 1987 when 8-bit and 16-bit processors were commercially available. Today, most processors use 32-bit or 64bit words but using original RC4 with 32/64 bits is infeasible due to the large memory constraints and the number of operations in the key scheduling algorithm. In this paper we propose a new 32/64-bit RC4like keystream generator. The proposed generator produces 32 or 64...
متن کاملA New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher
The paper presents a new statistical bias in the distribution of the first two output bytes of the RC4 keystream generator. The number of outputs required to reliably distinguish RC4 outputs from random strings using this bias is only 2 bytes. Most importantly, the bias does not disappear even if the initial 256 bytes are dropped. This paper also proposes a new pseudorandom bit generator, named...
متن کاملCryptanalysis of the Full Spritz Stream Cipher
Spritz is a stream cipher proposed by Rivest and Schuldt at the rump session of CRYPTO 2014. It is intended to be a replacement of the popular RC4 stream cipher. In this paper we propose distinguishing attacks on the full Spritz, based on a short-term bias in the first two bytes of a keystream and a long-term bias in the first two bytes of every cycle of N keystream bytes, where N is the size o...
متن کامل