A complete characterization of the evolution of RC4 pseudo random generation algorithm

@inproceedings{Basu2008ACC,
  title={A complete characterization of the evolution of RC4 pseudo random generation algorithm},
  author={Riddhipratim Basu and Shirshendu Ganguly and Subhamoy Maitra and Goutam Paul},
  booktitle={J. Math. Cryptol.},
  year={2008}
}
Abstract In this paper, we provide a complete characterization of the RC4 Pseudo Random Generation Algorithm (PRGA) for one step: i = i + 1; j = j + S[i]; swap(S[i], S[j]); z = S[S[i] + S[j]]. This is the first time such an involved description is presented to get a concise view of how RC4 PRGA evolves. Considering all the permutations (we also keep in mind the Finney states), we find that the distribution of z is not uniform given i, j. A corollary of this result shows that information about j… 

New Results on Generalization of Roos-Type Biases and Related Keystreams of RC4
TLDR
This paper studies the problem of near-colliding keys that lead to related states after the KSA and related keystream bytes, and presents a heuristic to find a related key pair with differences in two bytes, that leads to significant matches in the initial keystream.
PCG: A Family of Simple Fast Space-Efficient Statistically Good Algorithms for Random Number Generation
TLDR
This paper presents a new uniform pseudorandom number generation scheme that is both extremely practical and statistically good and provides many of the benefits provided by cryptographically secure generators without the overheads usually associated with those generators.
(Non-)Random Sequences from (Non-)Random Permutations—Analysis of RC4 Stream Cipher
TLDR
The effect of RC4 keylength on its keystream is investigated, and significant biases involving the length of the secret key are reported, and the existence of positive biases towards zero for all the initial bytes 3 to 255 is proved and exploited towards a generalized broadcast attack on RC4.
Some observations on HC-128
TLDR
This paper uses linear approximation of the addition modulo 2^n of three n-bit integers to identify linear approximations of g1, g2, the feedback functions of HC-128 and presents a new distinguisher for HC-128 which is slightly weaker than Wu’s distinguisher.
Proving TLS-attack related open biases of RC4
TLDR
The current article proves these new and unproved biases in RC4, and in the process discovers intricate non-randomness within the cipher, and proves the anomaly in the 128th element of the permutation after the key scheduling algorithm.
The Perils of Repeating Patterns: Observation of Some Weak Keys in RC4
TLDR
Some observed trivially weak keys for the stream cipher RC4 are described; they are found to be key-length invariant, and the cause of the problem is the simplistic key-dependent state permutation in the RC4 initialization.
Optimization of the Security-Performance Tradeoff in RC4 Encryption Algorithm
TLDR
The results clearly indicate that the computation load of the proposed variants is significantly reduced as compared to the RC4+, concluding that the proposed schemes are computationally efficient.
NEW ATTACKS ON RC4A AND VMPC
TLDR
Modifications are proposed for RC4, RC4A and VMPC according to their strong and weak aspects, and it is shown that small changes in the design of these ciphers can significantly increase or decrease their resistance against statistical bias attacks.
All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS
TLDR
New biases in RC4 are presented, the Wi-Fi Protected Access Temporal Key Integrity Protocol (WPA-TKIP) is broken, and a practical plaintext recovery attack against the Transport Layer Security (TLS) protocol is designed.
A new and fast cryptographic hash function based on RC4
TLDR
RC4-BHF can run much faster compared to the existing well-known hash functions and is exceptionally fast on 8-bit processors.

References

New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4
TLDR
A complete framework is presented to show that many keystream output bytes of RC4 are significantly biased towards several linear combinations of the secret key bytes, and that these biases propagate further, once the information for the index j is revealed.
Predicting and Distinguishing Attacks on RC4 Keystream Generator
  • I. Mantin
  • Computer Science, Mathematics
    EUROCRYPT
  • 2005
TLDR
The statistical distribution of the keystream generator used by the stream ciphers RC4 and RC4A is analyzed, leading to the discovery of statistical biases in the digraph distribution of RC4/RC4A generated streams, and of a family of patterns in RC4 keystreams whose probabilities are several times their probabilities in random streams.
A Practical Attack on the Fixed RC4 in the WEP Mode
  • I. Mantin
  • Computer Science, Mathematics
    ASIACRYPT
  • 2005
In this paper we revisit a known but ignored weakness of the RC4 keystream generator, where secret state info leaks to the generated keystream, and show that this leakage, also known as Jenkins’
A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher
TLDR
A new pseudorandom bit generator, named RC4A, which is based on RC4’s exchange shuffle model is proposed, and it is shown that the new cipher offers increased resistance against most attacks that apply to RC4.
New State Recovery Attack on RC4
TLDR
A state recovery attack which accepts the keystream of a certain length, and recovers the internal state, and it is much smaller than the complexity of the best known previous attack 2^779.
(Not So) Random Shuffles of RC4
TLDR
An idealized model of RC4 is proposed and a conservative estimate for the number of bytes that should be discarded in order to be safe is found, which recommends dumping at least 512 bytes.
Analysis Methods for (Alleged) RC4
TLDR
The analysis methods reveal intrinsic properties of alleged RC4 which are independent of the key scheduling and the key size, and the complexity of one of the attacks is estimated to be less than the time of searching through the square root of all possible initial states.
A Practical Attack on Broadcast RC4
TLDR
A major statistical weakness in RC4 makes it trivial to distinguish between short outputs of RC4 and random strings by analyzing their second bytes, which can be used to mount a practical ciphertext-only attack on RC4 in some broadcast applications.