Discovery and Exploitation of New Biases in RC4

Sepehrdad, Pouyan; Vaudenay, Serge; Vuagnoux, Martin

doi:10.1007/978-3-642-19574-7_5

Cited by 47 publications

(64 citation statements)

References 21 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Obviously, we can easily justify that Approximations (5), (6) are independent, because the involved states x 10100 , x 00100 in (5) are independent of the involved states x 10110 , x 00110 in (6); similarly, Approximations (8), (9), (10), (11) are independent pairwise. Our main focus here is to show below that these two groups of approximations are, however, not independent.…”

Section: Preliminary Analysis On Cubehash Round Functionmentioning

confidence: 96%

“…The internal states are invertible with the CubeHash round function T , as each step operation is invertible. Thus, we can rewrite Approximations (8), (9), (10), (11) in terms of states right after step one as follows respectively,…”

Section: Preliminary Analysis On Cubehash Round Functionmentioning

confidence: 99%

“…Nevertheless, when the bias is large, we can always compute it empirically, as successfully showed with recent results on RC4 biases (eg. [9]). The direct bias computation when the bias is small is beyond the scope of this paper.…”

Section: Our Analysis On Cubehash Round Functionmentioning

confidence: 99%

“…We get q ′ = 0xaf ed/0x10000, p ′ + = 0xd4698c87/(0xaf ed * 2 21 ), p ′ − = 0x4ea00ceb/(0x5013 * 2 21 ). They correspond to the percentage of positive bias 68.7%, the average of positive bias +2 −4.73 , the average of negative bias −2 −5.03 , and the average bias +2 −5.94 of all 9 . By (31), we estimate the bias 2 −17.5 for A ⊕ B ⊕ C. This result agrees with our first estimation (38).…”

mentioning

confidence: 99%

See 3 more Smart Citations

Synthetic Linear Analysis: Improved Attacks on CubeHash and Rabbit

Vaudenay

Meier

et al. 2012

Information Security and Cryptology - ICISC 2011

Self Cite

View full text Add to dashboard Cite

Abstract. It has been considered most important and difficult to analyze the bias and find a large bias regarding the security of cryptosystems, since the invention of linear cryptanalysis. The demonstration of a large bias will usually imply that the target crypto-system is not strong. Regarding the bias analysis, researchers often focus on a theoretical solution for a specific problem. In this paper, we take a first step towards the synthetic approach on bias analysis. We successfully apply our synthetic analysis to improve the most recent linear attacks on CubeHash and Rabbit respectively. CubeHash was selected to the second round of SHA-3 competition. For CubeHash, the best linear attack on 11-round CubeHash with 2 470 queries was proposed previously. We present an improved attack for 11-round CubeHash with complexity 2 414.2 . Based on our 11-round attack, we give a new linear attack for 12-round CubeHash with complexity 2 513 , which is sharply close to the security parameter 2 512 of CubeHash. Rabbit is a stream cipher among the finalists of ECRYPT Stream Cipher Project (eSTREAM). For Rabbit, the best linear attack with complexity 2 141 was recently presented. Our synthetic bias analysis yields the improved attack with complexity 2 136 . Moreover, it seems that our results might be further improved, according to our ongoing computations.

show abstract

Section: Preliminary Analysis On Cubehash Round Functionmentioning

confidence: 96%

Section: Preliminary Analysis On Cubehash Round Functionmentioning

confidence: 99%

Section: Our Analysis On Cubehash Round Functionmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

Synthetic Linear Analysis: Improved Attacks on CubeHash and Rabbit

Vaudenay

Meier

et al. 2012

Information Security and Cryptology - ICISC 2011

Self Cite

View full text Add to dashboard Cite

show abstract

“…As reported in the literature the adversary attack the WEP protocol by recovering the secret key K from the known values of IV (initialization vector) and known values of the RC4 keystream bytes found from the plaintext and ciphertext pairs. [31][32][33], and Shepehrdad, Susil, Vaudenay and Vuagnoux (SSVV) attack [34], WEP was declared as an insecure protocol. Later it is replaced by WPA (Wi-Fi protected access) which also make use of RC4 as its core element.…”

Section: Key Recovery From Keystreammentioning

confidence: 99%

A Survey on RC4 Stream Cipher

Jindal

Singh²

2015

IJCNIS

View full text Add to dashboard Cite

Abstract-RC4 is one of the most widely used stream cipher due to its simplicity, speed and efficiency. In this paper we have presented a chronological survey of RC4 stream cipher demonstrating its weaknesses followed by the various RC4 enhancements from the literature. From the recently observed cryptanalytic attempts on RC4 it is established that innovative research efforts are required to develop secure RC4 algorithm, which can remove the weaknesses of RC4, such as biased bytes, key collisions, and key recovery attacks specifically on WEP and WPA. These flaws in RC4 are offering open challenge for developers. Hence our chronological survey corroborates the fact that even though researchers are working on RC4 stream cipher since last two decades, it still offers a plethora of research issues related to statistical weaknesses in either state or keystream.

show abstract