Cryptology ePrint Archive: Report 2014/985

Statistical weakness in Spritz against VMPC-R: in search for the RC4 replacement

Bartosz Zoltak

Abstract: We found a statistical weakness in the Spritz algorithm designed by Ronald L. Rivest and Jacob C. N. Schuldt. For N=8: Prob(output(x)=output(x+2)) = 1/N + 0.000498. The bias becomes statistically significant (for N=8) after observing about 2^21.9 outputs. Analogous bias occurs for N=16. We propose an algorithm (VMPC-R) which for N=8 produced 2^46.8 (31 million times more) outputs which remained undistinguishable from random in the same battery of tests. Supported by a series of additional statistical tests and security analyses we present VMPC-R as an algorithm we hope can be considered a worthwhile replacement for RC4.

Category / Keywords: secret-key cryptography / PRNG; CSPRNG; Spritz; RC4; VMPC-R; stream cipher; distinguishing attack

Date: received 6 Dec 2014, last revised 6 Dec 2014

Contact author: bzoltak at vmpcfunction com

Available format(s): PDF | BibTeX Citation

Version: 20141210:034148 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]