Sciweavers

SACRYPT
2001
Springer

Weaknesses in the Key Scheduling Algorithm of RC4

14 years 4 months ago
Weaknesses in the Key Scheduling Algorithm of RC4
Abstract. Inthis paper we present several weaknesses in the keyscheduling algorithm of RC4, and describe their cryptanalytic signi cance. We identify a large number of weak keys, in which knowledge of a small number of key bits su ces to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers for RC4, and to mount related key attacks with practical complexities. Finally, we show that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol WEP, which is part of the 802.11 standard, in which a xed secret key is concatenated with known IV modi ers in order to encrypt di erent messages. Our new passive ciphertext-only attack on this mode can recover an arbitrarily long key in a negligible amount of time which grows only linearly with its size, both for 24 and 128 bit IV modi ers.
Scott R. Fluhrer, Itsik Mantin, Adi Shamir
Added 30 Jul 2010
Updated 30 Jul 2010
Type Conference
Year 2001
Where SACRYPT
Authors Scott R. Fluhrer, Itsik Mantin, Adi Shamir
Comments (0)