Generalized Classes of Weak Keys on RC4 Using Predictive State

Teramura, Ryoichi; Ohigashi, Toshihiro; Kuwakado, Hidenori; Morii, Masakatu

doi:10.1587/transfun.e94.a.10

Cited by 4 publications

(3 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Those predictive states are guaranteed to be correlated weak keys. Incidentally, we use the searching algorithm shown by Teramura et al [20]. Because of the much quantity of search, the total number of high parameters is not calculated.…”

Section: Definition 3 [8 Definition 3]mentioning

confidence: 99%

“…The key recovery attack using Roos' weak keys has efficiency of 2 122.9 . Teramura et al expanded Roos' weak keys in 2011 [20]. They exploit a part of the predictive state for a key recovery attack, where the predictive state is the special states of the PRGA on RC4, and predicts a few bytes keystream from a few bytes of the internal state.…”

Section: Introductionmentioning

confidence: 99%

“…The strict total number of weak keys. The total number of Teramura et al's weak keys is derived by the number of predictive states in [20] and Table 5 In this appendix, we show the predictive state search algorithm, which correspond with given keystream as much as possible. The basic idea is simple, the PRGA is operated without determining the value of S , and values are not fixed unless they are pressed by necessity.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Expanding Weak-key Space of RC4

Nagao

Ohigashi

Isobe

et al. 2014

Journal of Information Processing

Self Cite

View full text Add to dashboard Cite

RC4 is a stream cipher designed by Rivest in 1987. It is the most famous stream cipher and widely used e.g., SSL/TLS, WEP and WPA. Although RC4 in particular implementations and settings such as the WEP implementation and the broadcast setting, was already broken, RC4 itself is not completely broken yet. In 2011, Teramura et al. generalized classes of weak keys of RC4 by using the predictive state, which are special classes of the internal state of RC4. The total number of Teramura et al.'s weak keys is approximately 2 117.29 . Their weak-key attack can recover a 128-bit secret key with efficiency of 2 95.10 , where efficiency is defined as time complexity per success probability of the attack. This attack works only if particular patterns of the keystream are observed. In this paper, we further expand weak-key space of RC4. By thoroughly analyzing the relation between the key and the initial state of the pseudorandom generation algorithm, we can find new classes of predictive state which are utilized for key recovery attacks. As a result, 2 118.58 keys can be defined as new weak keys, whose number is more than twice the number of Teramura et al.'s weak keys. Moreover, our attack is applicable to any keystream, while Teramura et al.'s attack is feasible only in particular patterns of the keystream. Given any keystream, our weak-key attack can recover a 128-bit secret key with efficiency of 2 115.11 . Our attack is the best-known single-key key recovery attack on RC4 with respect to efficiency. In addition, if we focus on specific keystreams similar to Teramura et al.'s attack, the 128-bit secret key can be recovered with efficiency of 2 76.32 , which is more efficient than Teramura et al.'s attack.

show abstract

Section: Definition 3 [8 Definition 3]mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation