On Non-randomness of the Permutation After RC4 Key Scheduling

  • Goutam Paul
  • Subhamoy Maitra
  • Rohit Srivastava
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4851)


Here we study a weakness of the RC4 Key Scheduling Algorithm (KSA) that has already been noted by Mantin and Mironov. Consider the RC4 permutation S of N (usually 256) bytes and denote it by S N after the KSA. Under reasonable assumptions we present a simple proof that each permutation byte after the KSA is significantly biased (either positive or negative) towards many values in the range 0, ..., N − 1. These biases are independent of the secret key and thus present an evidence that the permutation after the KSA can be distinguished from random permutation without any assumption on the secret key. We also present a detailed empirical study over Mantin’s work when the theoretical formulae vary significantly from experimental results due to repetition of short keys in RC4. Further, it is explained how these results can be used to identify new distinguishers for RC4 keystream.


Bias Cryptography Cryptanalysis Key Scheduling Algorithm RC4 Stream Cipher 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Fluhrer, S.R., McGrew, D.A.: Statistical Analysis of the Alleged RC4 Keystream Generator. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 19–30. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Fluhrer, S.R., Mantin, I., Shamir, A.: Weaknesses in the Key Scheduling Algorithm of RC4. In: Vaudenay, S., Youssef, A.M. (eds.) SAC 2001. LNCS, vol. 2259, pp. 1–24. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  3. 3.
    Golic, J.: Linear statistical weakness of alleged RC4 keystream generator. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 226–238. Springer, Heidelberg (1997)Google Scholar
  4. 4.
    Jenkins, R.J.: ISAAC and RC4 (1996),
  5. 5.
    Mantin, I., Shamir, A.: A Practical Attack on Broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  6. 6.
    Mantin, I.: A Practical Attack on the Fixed RC4 in the WEP Mode. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 395–411. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Mantin, I.: Predicting and Distinguishing Attacks on RC4 Keystream Generator. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 491–506. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Mantin, I.: Analysis of the Stream Cipher RC4. Master’s Thesis. The Weizmann Institute of Science, Israel (2001)Google Scholar
  9. 9.
    Mironov, I.: Random Shuffles of RC4. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 304–319. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Paul, G., Rathi, S., Maitra, S.: On Non-negligible Bias of the First Output Byte of RC4 towards the First Three Bytes of the Secret Key. In: 2007 International Workshop on Coding and Cryptography, pp. 285–294 (2007)Google Scholar
  11. 11.
    Paul, G., Maitra, S.: Permutation after RC4 Key Scheduling Reveals the Secret Key. In: SAC 2007. 14th Annual Workshop on Selected Areas in Cryptography, Ottawa, Canada (2007)Google Scholar
  12. 12.
    Paul, S., Preneel, B.: A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher. In: Roy, B., Meier, W. (eds.) FSE 2004. LNCS, vol. 3017, pp. 245–259. Springer, Heidelberg (2004)Google Scholar
  13. 13.
    Roos, A.: A class of weak keys in the RC4 stream cipher (1995), Available at
  14. 14.
    Wagner, D.: My RC4 weak keys (1995),

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Goutam Paul
    • 1
  • Subhamoy Maitra
    • 2
  • Rohit Srivastava
    • 3
  1. 1.Department of Computer Science and Engineering, Jadavpur University, Kolkata 700 032India
  2. 2.Applied Statistics Unit, Indian Statistical Institute, 203, B T Road, Kolkata 700 108India
  3. 3.Department of Computer Science and Engineering, Institute of Technology, Banaras Hindu University, Varanasi 221 005 (UP)India

Personalised recommendations