On Some Sequences of the Secret Pseudo-random Index j in RC4 Key Scheduling

RC4 Key Scheduling Algorithm (KSA) uses a secret pseudo-random index j which is dependent on the secret key. Let S N be the permutation after the complete KSA of RC4. It is known that the value of j in round y + 1 can be predicted with high probability from S N [y ] for the initial values of y and from $S^{-1}_N[y]$ for the final values of y . This fact has been exploited in several recent works on secret key recovery from S N . In this paper, we perform extensive analysis of some special sequences of indices corresponding to the j values that leak useful information for key recovery. We present new theoretical results on the probability and the number of such sequences. As an application, we explain a new secret key recovery algorithm that can recover a 16 bytes secret key with a success probability of 0.1409. Our strategy has high time complexity at this point and requires further improvement to be feasible in practice.

[1]  Goutam Paul,et al.  Permutation After RC4 Key Scheduling Reveals the Secret Key , 2007, Selected Areas in Cryptography.

[2]  Alexander Maximov,et al.  New State Recovery Attack on RC4 , 2008, CRYPTO.

[3]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[4]  Erik Tews,et al.  Attacks on the WEP protocol , 2007, IACR Cryptol. ePrint Arch..

[5]  Mete Akgün,et al.  New Results on the Key Scheduling Algorithm of RC4 , 2008, INDOCRYPT.

[6]  Matthew McKague,et al.  Design and Analysis of RC4-like Stream Ciphers , 2005 .

[7]  Octavio Nieto-Taladriz,et al.  Finding an internal state of RC4 stream cipher , 2007, Inf. Sci..

[8]  Aggelos Kiayias,et al.  Polynomial Reconstruction Based Cryptography , 2001, Selected Areas in Cryptography.

[9]  Vincent Rijmen,et al.  Analysis Methods for (Alleged) RC4 , 1998, ASIACRYPT.

[10]  Martijn Stam Beyond Uniformity: Better Security/Efficiency Tradeoffs for Compression Functions , 2008, CRYPTO.

[11]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[12]  Goutam Paul,et al.  New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 , 2008, FSE.

[13]  Goutam Paul,et al.  RC4 State Information at Any Stage Reveals the Secret Key , 2007, IACR Cryptol. ePrint Arch..

[14]  Shahram Khazaei,et al.  On Reconstruction of RC4 Keys from Internal States , 2008, MMICS.

[15]  Eli Biham,et al.  Efficient Reconstruction of RC4 Keys from Internal States , 2008, FSE.