Proving empirical key-correlations in RC4

In view of the recent attacks on practical network protocols like WEP, WPA and TLS, there has been a renewed interest in the non-random behavior of RC4, the stream cipher that constitutes the core of all these protocols. While most of the non-random events in the cipher, more commonly known as 'biases', are initially reported as experimental observations, it is equally important to present theoretical proofs of such biases to justify the attacks based on them. In this paper, we provide theoretical proofs of all significant empirical correlations between the initial bytes of the RC4 keystream and its secret key, as experimentally observed by Sepehrdad, Vaudenay and Vuagnoux in SAC 2010.
