
Proving TLS-attack related open biases of RC4

Designs, Codes and Cryptography

Abstract

After a series of results on RC4 cryptanalysis in flagship cryptology conferences and journals, one of the most significant recent attacks on the cipher has been the discovery of vulnerabilities in the SSL/TLS protocol by AlFardan et al. (USENIX 2013). Through extensive computations, they identified some new significant short-term single-byte biases in the RC4 keystream sequence and used those, along with existing biases, towards the TLS attack. The current article proves these new and hitherto unproved biases in RC4, and in the process discovers intricate non-randomness within the cipher. In this connection, we also prove the anomaly in the 128th element of the permutation after the key scheduling algorithm. Finally, the proof for the extended key-length dependent biases in the RC4 keystream sequence, a problem attempted and partially solved by Isobe et al. at FSE 2013, has also been completed in this work.
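The abstract refers to single-byte keystream biases that were first found by sampling. As an added illustration (not code from the paper), the block below implements plain RC4 (KSA and PRGA) together with a small sampling harness that estimates P(Z_r = v) over random keys and reports it relative to the uniform 1/256; the harness is checked against the well-known Mantin and Shamir second-byte bias, since the page itself does not list the numeric values of the new biases.

```python
# Added example, not code from the paper: plain RC4 (KSA + PRGA) plus a sampling
# harness for estimating single-byte keystream biases over uniformly random keys.
import random
from collections import Counter

N = 256

def ksa(key: bytes) -> list:
    """Key scheduling algorithm: the permutation S_N after the 256 KSA swaps."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S

def prga(S: list, n: int) -> bytes:
    """Pseudo-random generation: the first n keystream bytes Z_1 .. Z_n."""
    S = S[:]                       # work on a copy, keep the caller's S intact
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % N])
    return bytes(out)

def rc4_keystream(key: bytes, n: int) -> bytes:
    return prga(ksa(key), n)

def keystream_byte_histogram(r: int, key_len: int, trials: int, seed: int = 1) -> Counter:
    """Histogram of Z_r (1-indexed) over `trials` random keys of key_len bytes."""
    rng = random.Random(seed)      # seeded so a measurement is reproducible
    hist = Counter()
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(key_len))
        hist[rc4_keystream(key, r)[r - 1]] += 1
    return hist

def bias_ratio(r: int, value: int, key_len: int, trials: int, seed: int = 1) -> float:
    """Estimated P(Z_r = value) divided by the uniform 1/N: 1.0 means no bias."""
    hist = keystream_byte_histogram(r, key_len, trials, seed)
    return (hist[value] / trials) * N

if __name__ == "__main__":
    # Mantin-Shamir: Z_2 = 0 occurs with probability about 2/N, i.e. ratio ~ 2.
    print("Z_2 = 0 ratio:", round(bias_ratio(2, 0, 16, 20000), 2))
    # A constructed control value that should sit near 1.0 up to sampling noise.
    print("Z_2 = 1 ratio:", round(bias_ratio(2, 1, 16, 20000), 2))
```

Any other (r, value) pair can be measured the same way; sampling noise at 20000 keys is roughly 0.15 in the ratio, so only effects well above that are meaningful.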



Notes

  1. This was independently observed by AlFardan et al. [1, 4] as well.

References

  1. AlFardan, N.J., Bernstein, D.J., Paterson, K.G., Poettering, B., Schuldt, J.C.N.: On the security of RC4 in TLS. In: King, S.T. (ed.) Proceedings of the 22nd USENIX Security Symposium, Washington, DC, August 14–16, 2013, pp. 305–320. USENIX Association (2013)

  2. AlFardan, N., Bernstein, D., Paterson, K., Poettering, B., Schuldt, J.: Distribution of RC4 keystream bytes. http://www.isg.rhul.ac.uk/tls/RC4_keystream_dist_2_45.txt. Accessed 20 July 2014

  3. Basu, R., Ganguly, S., Maitra, S., Paul, G.: A complete characterization of the evolution of RC4 pseudo random generation algorithm. J. Math. Cryptol. 2(3), 257–289 (2008)

  4. Bernstein, D.: Failures of secret-key cryptography. Invited talk at FSE 2013, session chaired by Bart Preneel. http://cr.yp.to/talks/2013.03.12/slides.pdf. Accessed 20 July 2014

  5. Fluhrer, S.R., McGrew, D.A.: Statistical analysis of the alleged RC4 keystream generator. In: Schneier, B. (ed.) FSE. Lecture Notes in Computer Science, vol. 1978. Springer, Heidelberg (2000)

  6. Golic, J.D.: Linear statistical weakness of alleged RC4 keystream generator. In: Fumy, W. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 1233, pp. 226–238. Springer, Heidelberg (1997)

  7. Golic, J.D.: Linear models for a time-variant permutation generator. IEEE Trans. Inf. Theory 45(7), 2374–2382 (1999)

  8. Isobe, T., Ohigashi, T., Watanabe, Y., Morii, M.: Full plaintext recovery attack on broadcast RC4. In: Moriai, S. (ed.) Fast Software Encryption—20th International Workshop (FSE 2013), Singapore, March 11–13, 2013. Lecture Notes in Computer Science, vol. 8424, pp. 179–202. Springer (2014)

  9. Isobe, T., Ohigashi, T., Watanabe, Y., Morii, M.: Comprehensive analysis of initial keystream biases of RC4. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. E97–A(1), 139–151 (2014)

  10. Jenkins, R.J.: ISAAC and RC4 (1996). http://burtleburtle.net/bob/rand/isaac.html. Accessed 20 July 2014

  11. Lv, J., Lin, D.: L-P states of RC4 stream cipher. IACR Cryptology ePrint Archive, no. 266 (2013)

  12. Lv, J., Zhang, B., Lin, D.: Distinguishing attacks on RC4 and a new improvement of the cipher. IACR Cryptology ePrint Archive, no. 176 (2013)

  13. Maitra, S., Paul, G., Sen Gupta, S.: Attack on broadcast RC4 revisited. In: Joux, A. (ed.) FSE. Lecture Notes in Computer Science, vol. 6733, pp. 199–217. Springer, Heidelberg (2011)

  14. Maitra, S., Paul, G., Sarkar, S., Lehmann, M., Meier, W.: New results on generalization of Roos-type biases and related keystream of RC4. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) Africacrypt. Lecture Notes in Computer Science, vol. 7918, pp. 222–239. Springer, Heidelberg (2013)

  15. Mantin, I.: Analysis of the stream cipher RC4. Master’s thesis, The Weizmann Institute of Science, Israel (2001). http://www.wisdom.weizmann.ac.il/itsik/RC4/RC4.html. Accessed 20 July 2014

  16. Mantin, I.: Predicting and distinguishing attacks on RC4 keystream generator. In: Cramer, R. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 3494, pp. 491–506. Springer, Heidelberg (2005)

  17. Mantin, I., Shamir, A.: A practical attack on broadcast RC4. In: Matsui, M. (ed.) FSE. Lecture Notes in Computer Science, vol. 2355, pp. 152–164. Springer, Heidelberg (2001)

  18. Mironov, I.: (Not so) random shuffles of RC4. In: Yung, M. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 2442, pp. 304–319. Springer, Heidelberg (2002)

  19. Orumiehchiha, M.A., Pieprzyk, J., Shakour, E., Steinfeld, R.: Cryptanalysis of RC4(n, m) stream cipher. IACR Cryptology ePrint Archive, no. 178 (2013)

  20. Paul, G., Maitra, S., Srivastava, R.: On non-randomness of the permutation after RC4 key scheduling. In: Boztas, S., Lu, H.F. (eds.) AAECC. Lecture Notes in Computer Science, vol. 4851, pp. 100–109. Springer, Heidelberg (2007)

  21. Roos, A.: A class of weak keys in the RC4 stream cipher. Two posts in sci.crypt, message-id 43u1eh$1j3@hermes.is.co.za and 44ebge$llf@hermes.is.co.za (1995). http://www.impic.org/papers/WeakKeys-report.pdf. Accessed 20 July 2014

  22. Sarkar, S.: Further non-randomness in RC4, RC4A and VMPC. In: International Workshop on Coding and Cryptography (WCC) (2013)

  23. Sen Gupta, S., Maitra, S., Paul, G., Sarkar, S.: Proof of empirical RC4 biases and new key correlations. In: Miri, A., Vaudenay, S. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 7118, pp. 151–168. Springer, Heidelberg (2011)

  24. Sen Gupta, S., Maitra, S., Paul, G., Sarkar, S.: (Non-)random sequences from (non-)random permutations—analysis of RC4 stream cipher. J. Crypt. 27(1), 67–108 (2014)

  25. Sepehrdad, P.: Statistical and Algebraic Cryptanalysis of Lightweight and Ultra-lightweight Symmetric Primitives. PhD thesis No. 5415, École Polytechnique Fédérale de Lausanne (EPFL) (2012). http://lasecwww.epfl.ch/sepehrdad/Pouyan_Sepehrdad_PhD_Thesis.pdf. Accessed 20 July 2014

  26. Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Discovery and exploitation of new biases in RC4. In: Biryukov, A., Gong, G., Stinson, D.R. (eds.) Selected Areas in Cryptography. Lecture Notes in Computer Science, vol. 6544, pp. 74–91. Springer, Heidelberg (2010)

  27. Sepehrdad, P., Vaudenay, S., Vuagnoux, M.: Statistical attack on RC4: distinguishing WPA. In: Paterson, K.G. (ed.) EUROCRYPT. Lecture Notes in Computer Science, vol. 6632, pp. 343–363. Springer, Heidelberg (2011)

  28. Sepehrdad, P., Susil, P., Vaudenay, S., Vuagnoux, M.: Smashing WEP in a passive attack. In: Fast Software Encryption (FSE) (2013)

  29. Strömbergson, J., Josefsson, S.: The perils of repeating patterns: observation of some weak keys in RC4. IACR Cryptology ePrint Archive, no. 241 (2013)


Acknowledgments

We sincerely thank the anonymous reviewers whose feedback and suggestions helped in substantial improvement of the technical as well as the editorial quality of our paper. We are also grateful to the Project CoEC (Centre of Excellence in Cryptology), Indian Statistical Institute, Kolkata, funded by the Government of India, for partial support towards this project.


Corresponding author

Correspondence to Goutam Paul.

Additional information

Communicated by M. Paterson.


Cite this article

Sarkar, S., Sen Gupta, S., Paul, G. et al. Proving TLS-attack related open biases of RC4. Des. Codes Cryptogr. 77, 231–253 (2015). https://doi.org/10.1007/s10623-014-0003-0
