Security Analysis of the RC4+ Stream Cipher

The RC4+ stream cipher was proposed by Maitra and Paul at Indocrypt 2008. The authors had claimed that RC4+ ironed out most of the weaknesses of the alleged RC4 stream cipher and was only marginally slower than RC4 in software. In this paper we show that it is possible to mount a distinguishing attack on RC4+ based on the bias of the first output byte. The distinguisher requires around 226 samples produced by different keys of RC4+ . In the second part of the paper we study the possibility of mounting the differential fault attack on RC4 proposed by Biham et. al. in FSE 2005, on RC4+ . We will show that that the RC4+ is vulnerable to differential fault attack and it is possible to recover the entire internal state of the cipher at the beginning of the PRGA by injecting around 217.2 faults.

[1]  Alexander Maximov,et al.  New State Recovery Attack on RC4 , 2008, CRYPTO.

[2]  Goutam Paul,et al.  Analysis of RC4 and Proposal of Additional Layers for Better Security Margin , 2008, IACR Cryptol. ePrint Arch..

[3]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[4]  Bart Preneel,et al.  On the (In)security of Stream Ciphers Based on Arrays and Modular Addition , 2006, ASIACRYPT.

[5]  Kefei Chen,et al.  Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings , 2006, ASIACRYPT.

[6]  Yukiyasu Tsunoo,et al.  A Distinguishing Attack on a Fast Software-Implemented RC4-Like Stream Cipher , 2007, IEEE Transactions on Information Theory.

[7]  Bartosz Zoltak,et al.  VMPC One-Way Function and Stream Cipher , 2004, FSE.

[8]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[9]  Bart Preneel,et al.  A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher , 2004, FSE.

[10]  Adi Shamir,et al.  A Practical Attack on Broadcast RC4 , 2001, FSE.

[11]  Alexander Maximov Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers , 2005, FSE.

[12]  Eli Biham,et al.  Impossible Fault Analysis of RC4 and Differential Fault Analysis of RC4 , 2005, FSE.

[13]  Guang Gong,et al.  A 32-bit RC4-like Keystream Generator , 2005, IACR Cryptol. ePrint Arch..

[14]  Vincent Rijmen,et al.  Progress in Cryptology - INDOCRYPT 2008, 9th International Conference on Cryptology in India, Kharagpur, India, December 14-17, 2008. Proceedings , 2008, INDOCRYPT.

[15]  Goutam Paul,et al.  Some Combinatorial Results towards State Recovery Attack on RC4 , 2011, ICISS.

[16]  Martin Hell,et al.  Towards a General RC4-Like Keystream Generator , 2005, CISC.