On Non-randomness of the Permutation After RC4 Key Scheduling
نویسندگان
چکیده
Here we study a weakness of the RC4 Key Scheduling Algorithm (KSA) that has already been noted by Mantin and Mironov. Consider the RC4 permutation S of N (usually 256) bytes and denote it by SN after the KSA. Under reasonable assumptions we present a simple proof that each permutation byte after the KSA is significantly biased (either positive or negative) towards many values in the range 0, . . . , N − 1. These biases are independent of the secret key and thus present an evidence that the permutation after the KSA can be distinguished from random permutation without any assumption on the secret key. We also present a detailed empirical study over Mantin’s work when the theoretical formulae vary significantly from experimental results due to repetition of short keys in RC4. Further, it is explained how these results can be used to identify new distinguishers for RC4 keystream.
منابع مشابه
RC 4 State Information at Any Stage Reveals the
A theoretical analysis of the RC4 Key Scheduling Algorithm (KSA) is presented in this paper, where the nonlinear operation is swapping among the permutation bytes. Explicit formulae are provided for the probabilities with which the permutation bytes at any stage of the KSA are biased to the secret key. Theoretical proofs of these formulae have been left open since Roos’s work (1995). Based on t...
متن کاملRandomized Stopping Times and Provably Secure Pseudorandom Permutation Generators
Conventionally, key-scheduling algorithm (KSA) of a cryptographic scheme runs for predefined number of steps. We suggest a different approach by utilization of randomized stopping rules to generate permutations which are indistinguishable from uniform ones. We explain that if the stopping time of such a shuffle is a Strong Stationary Time and bits of the secret key are not reused then these alg...
متن کاملOn a new properties of random number sequences ,a randomness test and a new RC4’s key scheduling algorithm
In this paper, we introduce the concept of the derivative of sequence of numbers and define new statistical indices by which we discoverd new properties of randomly generated number sequences. We also build a test for pseudo random generators based on these properties and use it to confirm the weakness of RC4 key scheduling algorithm that has been reported in the litterature. In this rescpect w...
متن کاملVMPC-R Cryptographically Secure Pseudo-Random Number Generator Alternative to RC4
We present a new Cryptographically Secure Pseudo-Random Number Generator. It uses permutations as its internal state, similarly to the RC4 stream cipher. We describe a statistical test which revealed non-random patterns in a sample of 2 outputs of a 3-bit RC4. Our new algorithm produced 2 undistinguishable from random 3-bit outputs in the same test. We probed 2 outputs of the algorithm in diffe...
متن کاملNew Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4
Consider the permutation S in RC4. Roos pointed out in 1995 that after the Key Scheduling Algorithm (KSA) of RC4, the initial bytes of the permutation, i.e., S[y] for small values of y are biased towards some linear combination of secret key bytes. In this paper, for the first time we show that the bias can be observed in S[S[y]] too. Based on this new form of permuatation bias after the KSA an...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2007 شماره
صفحات -
تاریخ انتشار 2007