Abstract
A keystream generator known as RC4 is analyzed by the linear model approach. It is shown that the second binary derivative of the least significant bit output sequence is correlated to 1 with the correlation coefficient close to $15 \cdot 2^{-3n}$, where $n$ is the variable word size of RC4. The output sequence length required for the linear statistical weakness detection may be realistic in high speed applications if $n \le 8$. The result can be used to distinguish RC4 from other keystream generators and to determine the unknown parameter $n$, as well as for the plaintext uncertainty reduction if $n$ is small.
This work was done while the author was with the Information Security Research Centre, Queensland University of Technology, Brisbane, Australia. This research was supported in part by the Science Fund of Serbia, grant #04M02, through the Mathematical Institute, Serbian Academy of Science and Arts.
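The statistic described in the abstract can be measured directly. The following is an added example, not code from the paper: it assumes the word-size-n generalization applies the usual alleged-RC4 key schedule and output rule with all arithmetic modulo 2^n, uses 1/c² as a rule-of-thumb sample length for detecting a correlation c, and runs on a constructed key.

```python
import math

def rc4_words(key, n, count):
    """Alleged RC4 with n-bit words (assumed generalization: table of 2**n
    entries, all index arithmetic modulo 2**n). key is a list of integers."""
    size = 1 << n
    s = list(range(size))
    j = 0
    for i in range(size):                       # key scheduling
        j = (j + s[i] + key[i % len(key)]) % size
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = []
    for _ in range(count):                      # output generation
        i = (i + 1) % size
        j = (j + s[i]) % size
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % size])
    return out

def second_derivative_lsb(words):
    """Second binary derivative of the lsb sequence. Over GF(2),
    (z_t ^ z_{t+1}) ^ (z_{t+1} ^ z_{t+2}) reduces to z_t ^ z_{t+2}."""
    lsb = [w & 1 for w in words]
    return [a ^ b for a, b in zip(lsb, lsb[2:])]

def correlation_to_one(bits):
    """Correlation coefficient to the constant 1: P(bit = 1) - P(bit = 0)."""
    return (2 * sum(bits) - len(bits)) / len(bits)

def predicted_correlation(n):
    """The estimate quoted in the abstract: 15 * 2^(-3n)."""
    return 15 * 2.0 ** (-3 * n)

def samples_needed(n):
    """Rule-of-thumb keystream length ~ 1/c^2 (an assumption of this example)."""
    return 1 / predicted_correlation(n) ** 2

def measure(n, key, count):
    return correlation_to_one(second_derivative_lsb(rc4_words(key, n, count)))

if __name__ == "__main__":
    key = [1, 2, 3, 4, 5]                       # constructed sample key
    for n, count in ((3, 1 << 20), (8, 1 << 18)):
        print(f"n={n} measured={measure(n, key, count):+.5f} "
              f"predicted={predicted_correlation(n):.3e} "
              f"log2(samples)~{math.log2(samples_needed(n)):.1f}")
```

Running it for a small word size and for n = 8 puts the measured coefficient next to the estimate, and shows why short samples cannot resolve the bias at the standard word size.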
© 1997 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Golić, J.D. (1997). Linear Statistical Weakness of Alleged RC4 Keystream Generator. In: Fumy, W. (eds) Advances in Cryptology — EUROCRYPT ’97. EUROCRYPT 1997. Lecture Notes in Computer Science, vol 1233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-69053-0_16
DOI: https://doi.org/10.1007/3-540-69053-0_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-62975-7
Online ISBN: 978-3-540-69053-5
eBook Packages: Springer Book Archive