Generalized RC4 Key Collisions and Hash Collisions
نویسندگان
چکیده
In this paper, we discovered that RC4 can generate colliding key pairs with various hamming distances, other than those found by Matsui (with hamming distance one), and by Chen and Miyaji (with hamming distance three). We formalized RC4 colliding key pairs into two large patterns, namely, Transitional pattern and Self-Absorbing pattern, according to the behavior during KSA. The colliding key pairs found in the previous researches can be seen as either subsets of the Transitional pattern or of the Self-Absorbing pattern. We analyzed both patterns and clarified the relations among the probability of key collision, key length and hamming distances which yield the colliding key pairs. Also we show how to make use of the RC4 key collision patterns to find collisions of RC4-Hash function which was proposed in INDOCRYPT 2006. Some concrete experimental results (RC4-Hash collision and RC4 colliding key pairs) are also given in this paper.
منابع مشابه
Collisions for RC4-Hash
RC4-Hash is a variable digest length cryptographic hash function based on the design of the RC4 stream cipher. In this paper, we show that RC4-Hash is not collision resistant. Collisions for any digest length can be found with an expected effort of less than 2 compression function evaluations. This is extended to multicollisions for RC4-Hash. Finding a set of 2 colliding messages has an expecte...
متن کاملKey Collisions of the RC4 Stream Cipher
This paper studies “colliding keys” of RC4 that create the same initial state and hence generate the same pseudo-random byte stream. It is easy to see that RC4 has colliding keys when its key size is very large, but it was unknown whether such key collisions exist for shorter key sizes. We present a new state transition sequence of the key scheduling algorithm for a related key pair of an arbit...
متن کاملSecurity Analysis of Michael: The IEEE 802.11i Message Integrity Code
The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the ...
متن کاملSecurity Analysis of Michael: the IEEE 802.11i Message Integrity Code
The IEEE 802.11b standard employs a data security mechanism known as Wired Equivalent Privacy (WEP). WEP uses RC4 stream cipher for its data encryption and CRC-32 to check its message integrity. Recent research shows that WEP is not secure as it does not use RC4 and CRC-32 correctly. The latest IEEE 802.11i draft uses a new keyed hash function, called Michael, as the message integrity code. Thi...
متن کاملOn the Possibility of Constructing Meaningful Hash Collisions for Public Keys
It is sometimes argued (as in [4]) that finding meaningful hash collisions might prove difficult. We show that at least one of the arguments involved is wrong, by showing that for several common public key systems it is easy to construct pairs of meaningful and secure public key data that either collide or share other characteristics with the hash collisions as quickly constructed in [14]. We p...
متن کامل