A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher

  • Conference paper
  • pp 245–259
Fast Software Encryption (FSE 2004)
  • Souradyuti Paul &
  • Bart Preneel

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3017)

Included in the following conference series:

  • International Workshop on Fast Software Encryption
Abstract

The paper presents a new statistical bias in the distribution of the first two output bytes of the RC4 keystream generator. The number of outputs required to reliably distinguish RC4 outputs from random strings using this bias is only 2^25 bytes. Most importantly, the bias does not disappear even if the initial 256 bytes are dropped. This paper also proposes a new pseudorandom bit generator, named RC4A, which is based on RC4’s exchange shuffle model. It is shown that the new cipher offers increased resistance against most attacks that apply to RC4. RC4A uses fewer operations per output byte and offers the prospect of implementations that can exploit its inherent parallelism to improve its performance further.

This work was partially supported by the Concerted Research Action GOA-MEFISTO-666 of the Flemish government.

Author information

Authors and Affiliations

  1. Dept. ESAT/COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B–3001, Leuven-Heverlee, Belgium

    Souradyuti Paul & Bart Preneel

Editor information

Editors and Affiliations

  1. Indian Statistical Institute, Applied Statistics Unit, 203 B T Road, 700 108, Kolkata, India

    Bimal Roy

  2. FHNW, Windisch, Switzerland

    Willi Meier

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Paul, S., Preneel, B. (2004). A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher. In: Roy, B., Meier, W. (eds) Fast Software Encryption. FSE 2004. Lecture Notes in Computer Science, vol 3017. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-25937-4_16

  • DOI: https://doi.org/10.1007/978-3-540-25937-4_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22171-5

  • Online ISBN: 978-3-540-25937-4

  • eBook Packages: Springer Book Archive

Keywords

  • Internal State
  • Stream Cipher
  • Random String
  • Random Source
  • Plaintext Attack

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
