Skip to main content
SpringerLink
Log in

Revisiting (nested) Roos bias in RC4 key scheduling algorithm

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

RC4 is one of the most popular stream cipher with wide industrial applications, it has received serious attention in cryptology literature in the last 2 decades. In 1995, Roos pointed out that the elements \(S_N[y]\) of the permutation \(S_N\) after the key scheduling algorithm for the first few values of y are biased to certain combinations of secret key bytes. These correlations were theoretically studied by Paul and Maitra (SAC, 2007). The formula for the correlation probabilities provided by them gives a wrong impression that the probabilities decrease as the value of y becomes larger, which is not true. In this paper, we point out some gaps in their analysis and present a detailed analysis of Roos bias. We provide a more accurate formula for the correlation probabilities. We further study nested Roos type biases and present comparison results. These types of biases are used to reconstruct key from the permutation \(S_N\) for better success probability.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4

Similar content being viewed by others

References

  1. AlFardan N., Bernstein D., Paterson K., Poettering B., Schuldt J.: On the security of RC4 in TLS. In: USENIX 2013, pp. 305–320 (2013). http://www.isg.rhul.ac.uk/tls/.

  2. Biham E., Carmeli Y.: Efficient reconstruction of RC4 keys from internal states. In: FSE 2008. LNCS, vol. 5086, pp. 270–288 (2008).

  3. Isobe T., Ohigashi T., Watanabe Y., Morii M.: Full plaintext recovery attack on broadcast RC4. In: FSE 2013. LNCS, vol. 8424, pp. 179–202 (2013).

  4. Klein A.: Attacks on the RC4 stream cipher. Des. Codes Cryptogr. 48(3), 269–286 (2008)

  5. Maitra S., Paul G.: New form of permutation bias and secret key leakage in keystream bytes of RC4. In: FSE 2008. LNCS, vol. 5086, pp. 253–269 (2008).

  6. Maitra S., Paul G., Sen Gupta S.: Attack on broadcast RC4 Revisited. In: FSE 2011. LNCS, vol. 6733, pp. 199–217 (2011).

  7. Mantin I.: Analysis of the stream cipher RC4. Masters Thesis, The Weizmann Institute of Science, Israel (2001).

  8. Mantin I., Shamir A.: A practical attack on broadcast RC4. In: FSE 2001. LNCS, vol. 2355, pp. 152–164 (2002).

  9. Maitra S., Paul G., Sarkar S., Lehmann M., Meier W.: New results on generalization of Roos-type biases and related keystreams of RC4. In: Africacrypt 2008. LNCS, vol. 7918, pp. 222–239 (2002)

  10. McKague M.E.: Design and analysis of RC4-like stream ciphers. Master’s Thesis, University of Waterloo, Canda (2005).

  11. Patel J.K., Read C.B.: Handbook of the Normal Distribution. CRC Press, Boca Raton (1996).

  12. Paul G., Maitra S.: Permutation after RC4 key scheduling reveals the secret key. In: SAC. LNCS, vol. 4876, pp. 360–377 (2007).

  13. Paul G., Rathi S., Maitra S.: On non-negligible bias of the first output byte of RC4 towards the first three bytes of the secret key. Des. Codes Cryptogr. 49(1–3), 123–134 (2008).

  14. Paterson K.G., Poettering B., Schuldt J.C.N.: Plaintext recovery attacks against WPA/TKIP. In: FSE. LNCS, vol. 8540, pp. 325–349 (2014).

  15. Paterson K.G., Poettering B., Schuldt J. C.N.: Big bias hunting in amazonia: large-scale computation and exploitation of RC4 biases (Invited Paper). In: ASIACRYPT 2014. LNCS, vol. 8873, pp. 398–419 (2014).

  16. Roos A.: A class of weak keys in the RC4 stream cipher. Two posts in sci.crypt, message-id 43u1eh$1j3@hermes.is.co.za, 44ebge$llf@hermes.is.co.za, (1995).

  17. Sage: Open Source Mathematics Software. http://www.sagemath.org/.

  18. Sepehrdad P., Vaudenay S., Vuagnoux M.: Statistical attack on RC4—Distinguishing WPA. In: EUROCRYPT. LNCS, vol. 6632, pp. 343–363 (2011).

  19. IEEE 802.11. Wireless LAN medium access control (MAC) and physical layer (PHY) specification (1997).

  20. IEEE 802.11i. Wireless LAN medium access control (MAC) and physical layer (PHY) specification: amendment 6: medium access control (MAC) security enhancements (2004).

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics, Indian Institute of Technology Madras, Chennai, 600036, India

    Santanu Sarkar

  2. Computer Science Unit, Indian Statistical Institute - Chennai Centre, MGR Knowledge City Road, Taramani, Chennai, 600113, India

    Ayineedi Venkateswarlu

Authors
  1. Santanu Sarkar
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ayineedi Venkateswarlu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Santanu Sarkar.

Additional information

This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography”.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Sarkar, S., Venkateswarlu, A. Revisiting (nested) Roos bias in RC4 key scheduling algorithm. Des. Codes Cryptogr. 82, 131–148 (2017). https://doi.org/10.1007/s10623-016-0219-2

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-016-0219-2

Keywords

Mathematics Subject Classification

Search

Navigation