International Workshop on Selected Areas in Cryptography

SAC 2001: Selected Areas in Cryptography pp 1-24

Weaknesses in the Key Scheduling Algorithm of RC4

  • Scott Fluhrer
  • Itsik Mantin
  • Adi Shamir
Conference paper

DOI: 10.1007/3-540-45537-X_1

Volume 2259 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Fluhrer S., Mantin I., Shamir A. (2001) Weaknesses in the Key Scheduling Algorithm of RC4. In: Vaudenay S., Youssef A.M. (eds) Selected Areas in Cryptography. SAC 2001. Lecture Notes in Computer Science, vol 2259. Springer, Berlin, Heidelberg

Abstract

In this paper we present several weaknesses in the key scheduling algorithm of RC4, and describe their cryptanalytic significance. We identify a large number of weak keys, in which knowledge of a small number of key bits suffices to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers for RC4, and to mount related key attacks with practical complexities. Finally, we show that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages. Our new passive ciphertext-only attack on this mode can recover an arbitrarily long key in a negligible amount of time which grows only linearly with its size, both for 24 and 128 bit IV modifiers.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Scott Fluhrer (1)
  • Itsik Mantin (2)
  • Adi Shamir (2)

  1. Cisco Systems, Inc., San Jose, USA
  2. Computer Science Department, The Weizmann Institute, Rehovot, Israel