Previously overlooked bias signatures for RC4

Recent findings suggest that known short-term and long-term biases of RC4 can be practically exploited to capture an extended portion of the Internet traffic that relies on Transport Layer Security (TLS) with the RC4 cipher. While RC4 is no longer a dominant cipher on the Internet, the research community continues to explore its characteristics and even to propose derivatives of it. To the best of our knowledge, no prior work has correctly verified the set of well-known Fluhrer-McGrew biases. We set out to validate the correctness of these biases experimentally, and in doing so uncovered two additional biases. Furthermore, our experiment successfully produced and generalized a set of non-consecutive byte biases from the RC4 keystream. Finally, we captured bias signatures for several well-known RC4 variants.
