Cryptology ePrint Archive: Report 2008/348

Iterative Probabilistic Reconstruction of RC4 Internal States

Jovan Golic and Guglielmo Morgari

Abstract: It is shown that an improved version of a previously proposed iterative probabilistic algorithm, based on forward and backward probability recursions along a short keystream segment, is capable of reconstructing the RC4 internal states from a relatively small number of known initial permutation entries. Given a modulus $N$, it is argued that about $N/3$ and $N/10$ known entries are sufficient for success, for consecutive and specially generated entries, respectively. The complexities of the corresponding guess-and-determine attacks are analyzed and, e.g., for $N=256$, the data and time complexities are (conservatively) estimated to be around $D \approx 2^{41}$, $C \approx 2^{689}$ and $D \approx 2^{211}$, $C \approx 2^{262}$, for the two types of guessed entries considered, respectively.

Category / Keywords: secret-key cryptography/stream ciphers, RC4, iterative probabilistic cryptanalysis, guess-and-determine attacks

Date: received 8 Aug 2008, last revised 8 Aug 2008

Contact author: jovan golic at telecomitalia it

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | BibTeX Citation

Version: 20080811:071214 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]