Results on significant anomalies of state values after key scheduling algorithm in RC4

It is already known that the internal permutation of the stream cipher RC4 generally deviates from a random permutation. These deviations are termed as biases, theoretical justification of which is being reported since early 2000. However, there are several biases (anomalies), which are not proven till date. In this study, the authors provide the theoretical proofs of all significant anomalies of RC4 in the 16-byte key setting. In the process, they also provide the theoretical justification of the zig-zag type distribution of the 31st output byte of RC4 (first discovered and presented by AlFardan et al. in USENIX 2013).

[1]  Masakatu Morii,et al.  How to Recover Any Byte of Plaintext on RC4 , 2013, Selected Areas in Cryptography.

[2]  Mete Akgün,et al.  New Results on the Key Scheduling Algorithm of RC4 , 2008, INDOCRYPT.

[3]  Kenneth G. Paterson,et al.  On the Security of RC4 in TLS , 2013, USENIX Security Symposium.

[4]  Kenneth G. Paterson,et al.  Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS , 2015, USENIX Security Symposium.

[5]  Eli Biham,et al.  Efficient Reconstruction of RC4 Keys from Internal States , 2008, FSE.

[6]  Ilya Mironov,et al.  (Not So) Random Shuffles of RC4 , 2002, IACR Cryptol. ePrint Arch..

[7]  Ayineedi Venkateswarlu,et al.  Revisiting (nested) Roos bias in RC4 key scheduling algorithm , 2017, Des. Codes Cryptogr..

[8]  Goutam Paul,et al.  On Non-randomness of the Permutation After RC4 Key Scheduling , 2007, AAECC.

[9]  Masakatu Morii,et al.  Full Plaintext Recovery Attack on Broadcast RC4 , 2013, FSE.

[10]  Frank Piessens,et al.  All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS , 2015, USENIX Annual Technical Conference.

[11]  Goutam Paul,et al.  On non-negligible bias of the first output byte of RC4 towards the first three bytes of the secret key , 2008, Des. Codes Cryptogr..

[12]  Goutam Paul,et al.  New Form of Permutation Bias and Secret Key Leakage in Keystream Bytes of RC4 , 2008, FSE.

[13]  Kenneth G. Paterson,et al.  Analysing and exploiting the Mantin biases in RC4 , 2017, Designs, Codes and Cryptography.

[14]  Goutam Paul,et al.  Permutation After RC4 Key Scheduling Reveals the Secret Key , 2007, Selected Areas in Cryptography.

[15]  Takanori Isobe,et al.  Some Proofs of Joint Distributions of Keystream Biases in RC4 , 2016, INDOCRYPT.