2011 | OriginalPaper | Buchkapitel
Attack on Broadcast RC4 Revisited
verfasst von : Subhamoy Maitra, Goutam Paul, Sourav Sen Gupta
Erschienen in: Fast Software Encryption
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
In this paper, contrary to the claim of Mantin and Shamir (FSE 2001), we prove that there exist biases in the initial bytes (3 to 255) of the RC4 keystream towards zero. These biases immediately provide distinguishers for RC4. Additionally, the attack on broadcast RC4 to recover the second byte of the plaintext can be extended to recover the bytes 3 to 255 of the plaintext given Ω(
N
3
) many ciphertexts. Further, we also study the non-randomness of index
j
for the first two rounds of PRGA, and identify a strong bias of
j
2
towards 4. This in turn provides us with certain state information from the second keystream byte.