Analysis of RC4 and Proposal of Additional Layers for Better Security Margin

In this paper, the RC4 Key Scheduling Algorithm (KSA) is theoretically studied to reveal non-uniformity in the expected number of times each value of the permutation is touched by the indices i, j. Based on our analysis and the results available in the literature regarding the existing weaknesses of RC4, a few additional layers over the RC4 KSA and the RC4 Pseudo-Random Generation Algorithm (PRGA) are proposed. Analysis of the modified cipher (we call it RC4+) shows that this new strategy avoids existing weaknesses of RC4.
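The non-uniformity described in the abstract can be observed empirically. The following is an added example, not code from the paper: it runs the standard RC4 KSA over random keys and averages how often each permutation value sits under index i or j. The counting convention (one touch for i and one for j per round), the 16-byte key length, the trial count and the function names are assumptions made for this illustration.

```python
import random

N = 256  # RC4 state size

def ksa_touch_counts(key):
    """Run the standard RC4 KSA on `key` (sequence of byte values).
    Returns (S, touches): the final permutation, and touches[v] = number of
    times value v was pointed at by i or by j over the N rounds."""
    S = list(range(N))
    touches = [0] * N
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        touches[S[i]] += 1  # value currently under index i
        touches[S[j]] += 1  # value currently under index j (also counted when i == j)
        S[i], S[j] = S[j], S[i]
    return S, touches

def mean_touches(trials=2000, key_len=16, seed=1):
    """Monte Carlo estimate of the expected touch count of each value,
    using constructed random keys from a seeded generator."""
    rng = random.Random(seed)
    totals = [0] * N
    for _ in range(trials):
        key = [rng.randrange(N) for _ in range(key_len)]
        _, t = ksa_touch_counts(key)
        for v in range(N):
            totals[v] += t[v]
    return [x / trials for x in totals]

if __name__ == "__main__":
    m = mean_touches()
    for v in (0, 1, 64, 128, 192, 255):
        print(f"value {v:3d}: mean touches {m[v]:.2f}")
```

Under this convention every KSA run contains exactly 2N touches, so a uniform process would average 2 per value; the estimates instead are clearly higher for small values than for large ones.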
