2007 | OriginalPaper | Buchkapitel
Permutation After RC4 Key Scheduling Reveals the Secret Key
verfasst von : Goutam Paul, Subhamoy Maitra
Erschienen in: Selected Areas in Cryptography
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
A theoretical analysis of the RC4 Key Scheduling Algorithm (KSA) is presented in this paper, where the nonlinear operation is swapping among the permutation bytes. Explicit formulae are provided for the probabilities with which the permutation bytes after the KSA are biased to the secret key. Theoretical proofs of these formulae have been left open since Roos’s work (1995). Based on this analysis, an algorithm is devised to recover the
l
bytes (i.e., 8
l
bits, typically 5 ≤
l
≤ 16) secret key from the final permutation after the KSA with constant probability of success. The search requires
O
(2
4
l
) many operations which is the square root of the exhaustive key search complexity 2
8
l
. Further, a generalization of the RC4 KSA is analyzed corresponding to a class of update functions of the indices involved in the swaps. This reveals an inherent weakness of shuffle-exchange kind of key scheduling.