Cryptology ePrint Archive: Report 2013/476

Some results on RC4 in WPA

Sourav Sen Gupta and Subhamoy Maitra and Willi Meier and Goutam Paul and Santanu Sarkar

Abstract: Motivated by the work of AlFardan et al 2013, in this paper we present several results related to RC4 non-randomness in WPA. We first prove the interesting zig-zag distribution of the first byte and the similar nature for the biases in the initial keystream bytes to zero. As we note, this zig-zag nature surfaces due to the dependency of first and second key bytes in WPA/TKIP, both derived from the same byte of the IV. Further, we also note that the correlation of certain keystream bytes to the first three IV bytes provides much higher biases than what had been presented in the work by AlFardan et al 2013. We notice that the correlations of the keystream bytes with publicly known IV values of WPA potentially strengthens the practical plaintext recovery attack on the protocol; formulation of the exact details related to this attack is in progress.

Category / Keywords: RC4, Bias, Plaintext Recovery, TKIP, WPA.

Date: received 3 Aug 2013, last revised 23 Oct 2013

Contact author: sg sourav at gmail com

Available format(s): PDF | BibTeX Citation

Note: This is a major revision of the previous version; includes some significant new results and work in progress.

Version: 20131024:043023 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]