Generalized Classes of Weak Keys on RC4 Using Predictive State
نویسندگان
چکیده
Conventional class of weak keys on RC4 stream cipher is defined as a specific case that combinations of the first three bytes of secret key satisfy two relational equations. This paper expands and generalizes the classes of weak keys using generalized relational equations and special classes of the internal state (called predictive state). We derive the probability that generalized classes of weak keys leak the information of bytes of the secret key. Furthermore, we enumerate the generalized classes of weak keys and show that most of them leak more information of the secret key than Roos’ one. key words: cryptanalysis, stream cipher, RC4, weak key, predictive state
منابع مشابه
The Perils of Repeating Patterns: Observation of Some Weak Keys in RC4
We describe some observed trivially weak keys for the stream cipher RC4. Keys with repeating patterns are found to be key length invariant. The cause of the problem is the simplistic key dependent state permutation in the RC4 initialization. Introduction While writing the draft for RFC 6229 [1] and testing suitable test vectors, we observed that for some keys with different lengths, the stream ...
متن کاملWeaknesses in the Key Scheduling Algorithm of RC4
In this paper we present several weaknesses in the key scheduling algorithm of RC4, and describe their cryptanalytic significance. We identify a large number of weak keys, in which knowledge of a small number of key bits suffices to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers for RC4, and to mount related key attac...
متن کاملOn the Entropy of Arcfour Keys
Arcfour is a stream cipher that produces a byte keystream B fbig i where a keyK is used to select the initial state S and the bi are produced by the state transition Si Si Let the byte length of K be jKj and let S K be the initial state produced by K Two keys K K are considered equivalent if S K S K and further K is weak if jK j jK j We show that there is a class of weak keys based on the notio...
متن کاملA New Class of RC4 Colliding Key Pairs with Greater Hamming Distance
In this paper, we discovered a new class of colliding key pairs of RC4, namely, two different secret keys generate the same internal state after RC4’s key scheduling algorithm. This is to our knowledge the first discovery of RC4 colliding keys with hamming distance greater than one, that is, the colliding key pairs we found can differ from each other at three different positions, and the value ...
متن کاملKey-Dependent Weak IVs and Weak Keys in WEP - How to Trace Conditions Back to Their Patterns -
The WEP (Wired Equivalent Privacy) is a part of IEEE 802.11 standard designed for protecting over the air communication. While almost all of the WLAN (Wireless LAN) cards and the APs (Access Points) support WEP, a serious key recovery attack (aka FMS attack) was identified by Fluhrer et al. The attack was then extended and implemented as WEP cracking tools. The key recovery attacks can basicall...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IEICE Transactions
دوره 94-A شماره
صفحات -
تاریخ انتشار 2011