You are looking at a specific version 20141222:113355 of this paper. See the latest version.

Paper 2014/900

Some Security Results of the RC4+ Stream Cipher

Subhadeep Banik and Sonu Jha

Abstract

RC4+ stream cipher was proposed by Maitra et. al. at Indocrypt 2008. It was claimed by the authors that this new stream cipher is designed to overcome all the weaknesses reported on the alleged RC4 stream cipher. In the design specifications of RC4+, the authors make use of an 8-bit design parameter called pad which is fixed to the value 0xAA. The first Distinguishing Attack on RC4+ based on the bias of its first output byte was shown by Banik et. al. in Indocrypt 2013. In this paper, it was also mentioned that the distinguishing attack would still hold if the pad used in RC4+ is fixed to any even 8-bit constant other than 0xAA. Therefore, the question that arises is whether the design of RC4+ can be protected by fixing the pad parameter to some constant odd value. In this paper, we try to answer this very question. We show that the design is still vulnerable by mounting a distinguishing attack even if the pad is fixed to some constant 8-bit odd value. Surprisingly we find that if the value of the pad is made equal to 0x03, the design provides maximum resistance to distinguishing attacks. Lastly we return to the original cipher i.e. in which pad is set to 0xAA and unearth another bias in the second output byte of the cipher, thereby showing that practical implementations of this cipher should discard the use of the first two output bytes for encryption.

Note: revision

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Distinguishing AttacksRC4RC4+Stream Ciphers.
Contact author(s)
jhasonu1987 @ yahoo com
History
2014-12-22: last of 3 revisions
2014-10-30: received
See all versions
Short URL
https://ia.cr/2014/900
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.