On the Weak State in GGHN-like Ciphers

RC4 is a stream cipher that makes use of an internal state table, S, which represents a permutation over $\mathbb{Z}_{2^8}$. GGHN is a relatively more efficient stream cipher whose design is inspired by RC4 but whose S table does not represent a permutation over $\mathbb{Z}_{2^m}$. In this paper, we point out one challenging aspect of the latter design principle. In particular, we assess GGHN-like algorithms with respect to weak states, in which all internal state words and output elements are even. Once GGHN is absorbed in a weak state, the least significant bit of the plaintext words is revealed just by looking at the ciphertext. By modelling the algorithm as a Markov chain and calculating the chain's absorption time, we show that the average number of steps required by these algorithms to enter this weak state can be lower than expected at first glance, and hence caution should be exercised when estimating this number.
