Paper 2016/063

Analysing and Exploiting the Mantin Biases in RC4

Remi Bricout, Sean Murphy, Kenneth G. Paterson, and Thyla van der Merwe

Abstract

We explore the use of the Mantin biases (Mantin, Eurocrypt 2005) to recover plaintexts from RC4-encrypted traffic. We provide a more fine-grained analysis of these biases than in Mantin's original work. We show that, in fact, the original analysis was incorrect in certain cases: the Mantin biases are sometimes non-existent, and sometimes stronger than originally predicted. We then show how to use these biases in a plaintext recovery attack. Our attack targets two unknown bytes of plaintext that are located close to sequences of known plaintext bytes, a situation that arises in practice when RC4 is used in, for example, TLS. We provide a statistical framework that enables us to make predictions about the performance of this attack and its variants. We then extend the attack using standard dynamic programming techniques to tackle the problem of recovering longer plaintexts, a setting of practical interest in recovering HTTP session cookies and user passwords that are protected by RC4 in TLS. We perform experiments showing that we can successfully recover 16-byte plaintexts with 80% success rate using $2^{31}$ ciphertexts, an improvement over previous attacks.

Note: A version of this paper, containing substantially the same content as the current version, was submitted to Eurocrypt 2016 on 8th October 2015. Notification of rejection from that conference was received on 24th January 2016. The paper in its current form was submitted to eprint on 24th January 2015.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Contact author(s)
kenny paterson @ rhul ac uk
History
2016-02-22: revised
2016-01-25: received
See all versions
Short URL
https://ia.cr/2016/063
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/063,
      author = {Remi Bricout and Sean Murphy and Kenneth G.  Paterson and Thyla van der Merwe},
      title = {Analysing and Exploiting the Mantin Biases in {RC4}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/063},
      year = {2016},
      url = {https://eprint.iacr.org/2016/063}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.