Jing Lv,Bin Zhang,Dongdai Lin

2013-01-01

Abstract:RC4, designed by Rivest in 1987, is the most widely deployed stream cipher in practical applications. In this paper, two new class of statistical biases inherent in RC4 are depicted and it is shown that the RC4 keystream is distinguishable from random no matter how many initial bytes have been dumped. RC4A, proposed by Paul and Preneel at FSE 2004 to strengthen the security of RC4, is also found to be vulnerable to similar attacks. Instead, a new pseudorandom bit generator RC4B is proposed, which is believed to provide better immunity against the known attacks.

Jing Lv,Dongdai Lin

2013-01-01

Abstract:The stream cipher RC4 was designed by R.Rivest in 1987, and it is a widely deployed cipher. Many predictive states of RC4 for some special indices i were presented in the last 20 years. In this paper, we present several long term predictive states. These states increase the probability to guess part of the internal state in a known plaintext attack and present a cryptanalytic weakness of RC4. This paper also analyzes possible long term bias in the keystream and further propose a search method for the long term predictive states.

Fanping Zeng

2008-01-01

Abstract:When used in application, RC4 cipher technology has some problems, such as weak keys and related key attacks, invariance weakness,,byte bias and so on.This paper presents an improved RC4 cipher technology, which combines the ECC cipher and the RC4 stream cipher.Theemphasis is analyzing the efficiency, the management of keys, and the capability of the improved RC4 cipher.The result indicates that the efficiencyof the improved RC4 is just a litter lower than RC4 stream cipher while the security is much better than RC4.It has good repellency of the currentattacks which aim at RC4 stream cipher.What is more, the improved RC4 cipher has a good way to solve the problems about key management andkey update, which is very significant in application.

HU Liang,CHI Ling,YUAN Wei,LI Hong-tu,CHU Jian-feng

DOI: https://doi.org/10.13413/j.cnki.jdxblxb.2012.03.011

2012-01-01

Abstract:Based on security risks for RC4 algorithm,we presented some improvements.The improved algorithm can resist the fault induction attack via adding the self-error detection phase,and resist Knudsen's attack via adding the byte conversion phase.After analyzing the security of the improved algorithm,we proved that the improved algorithm can resist the fault induction attack and Knudsen's attack validly,the security of the RC4 algorithm is hence enhanced.

Remi Bricout,Sean Murphy,Kenneth G Paterson,Thyla van der Merwe

DOI: https://doi.org/10.1007/s10623-017-0355-3

Abstract:We explore the use of the Mantin biases (Mantin, Eurocrypt 2005) to recover plaintexts from RC4-encrypted traffic. We provide a more fine-grained analysis of these biases than in Mantin's original work. We show that, in fact, the original analysis was incorrect in certain cases: the Mantin biases are sometimes non-existent, and sometimes stronger than originally predicted. We then show how to use these biases in a plaintext recovery attack. Our attack targets two unknown bytes of plaintext that are located close to sequences of known plaintext bytes, a situation that arises in practice when RC4 is used in, for example, TLS. We provide a statistical framework that enables us to make predictions about the performance of this attack and its variants. We then extend the attack using standard dynamic programming techniques to tackle the problem of recovering longer plaintexts, a setting of practical interest in recovering HTTP session cookies and user passwords that are protected by RC4 in TLS. We perform experiments showing that we can successfully recover 16-byte plaintexts with 80% success rate using 2 31 ciphertexts, an improvement over previous attacks.

Chao YUAN,Mixue XU,Xueming SI

DOI: https://doi.org/10.11772/j.issn.1001-9081.2017071945

2018-01-01

Journal of Computer Applications

Abstract:Aiming at the plaintext recovery on plaintexts encrypted by RC4 (Rivest Cipher 4) algorithm with different lengths of seed key,a plaintext recovery attack on plaintexts encrypted by RC4 algorithm with different lengths of seed key (8 bytes,16 bytes,22 bytes) was proposed.Firstly,by using the statistical algorithm,the t-value distribution of each output byte of key stream of RC4 was calculated under the condition of 232 different seed keys,and biases were found.Then the attack on the first 256 bytes of the plaintext encrypted by the RC4 was given by using single-byte biases and double-bytes biases.The experimental results show that with 23t ciphertexts,the first 196 bytes of the plaintext can be recovered with the success probability of 100％ except the 4th Byte.Besides,the first 256 bytes can be recovered with the success probability over 91％,87％ and 81％ for 8-byte,16-byte and 22-byte seed key,respectively.The proposed attack algorithm extends the scope of RC4 algorithm with seed key length of 16 bytes,and it can recover the plaintexts encrypted by RC4 algorithm in practice.

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

xuejia lai,james l massey,sean d murphy

DOI: https://doi.org/10.1007/3-540-46416-6_2

1991-01-01

Abstract:This paper considers the security of iterated block ciphers against the differential cryptanalysis introduced by Biham and Shamir. Differential cryptanalysis is a chosen-plaintext attack on secret-key block ciphers that are based on iterating a cryptographically weak function r times (e.g., the 16-round Data Encryption Standard (DES)). It is shown that the success of such attacks on an r-round cipher depends on the existence of (r-1)-round differentials that have high probabilities, where an i-round differential is defined as a couple (α, β) such that a pair of distinct plaintexts with difference α can result in a pair of i-th round outputs that have difference β, for an appropriate notion of "difference". The probabilities of such differentials can be used to determine a lower bound on the complexity of a differential cryptanalysis attack and to show when an r-round cipher is not vulnerable to such attacks. The concept of "Markov ciphers" is introduced for iterated ciphers because of its significance in differential cryptanalysis. If an iterated cipher is Markov and its round subkeys are independent, then the sequence of differences at each round output forms a Markov chain. It follows from a result of Biham and Shamir that DES is a Markov cipher. It is shown that, for the appropriate notion of "difference", the Proposed Encryption Standard (PES) of Lai and Massey, which is an 8-round iterated cipher, is a Markov cipher, as are also the mini-version of PES with block length 8, 16 and 32 bits. It is shown that PES(8) and PES(16) are immune to differential cryptanalysis after sufficiently many rounds. A detailed cryptanalysis of the full-size PES is given and shows that the very plausibly most probable 7-round differential has a probability about 2-58. A differential cryptanalysis attack of PES(64) based on this differential is shown to require all 264 possible encryptions. This cryptanalysis of PES suggested a new design principle for Markov ciphers, viz., that their transition probability matrices should not be symmetric. A minor modification of PES, consistent with all the original design principles, is proposed that satisfies this new design criterion. This modified cipher, called Improved PES (IPES), is described and shown to be highly resistant to differential cryptanalysis.

Bo Qu,Dawu Gu,Zheng Guo,Junrong Liu

DOI: https://doi.org/10.1016/j.camwa.2012.02.024

IF: 3.218

2012-01-01

Computers & Mathematics with Applications

Abstract:Side-channel attacks on block ciphers and public key algorithms have been discussed extensively, but only a few systematic studies on the applicability of side-channel attacks to stream ciphers could be found. The objective of the present study is to develop general differential power analysis techniques which can be employed to attack the stream ciphers with linear feedback shift registers. To illustrate the new approach, a common structure of a stream cipher with the basic components is given. Then the approach is employed to analyze the given structure. The results show that the linear feedback shift registers may leak the information of the secret key. The approach is also applied to Crypto-1 and the experimental results show that it is very effective. 28-bit information of the 48-bit secret key can be obtained just by analyzing some power traces. Furthermore, the present work may be helpful in analyzing a variety of stream ciphers with LFSRs.

HE Ke-jing

2009-01-01

Abstract:According to the open information from the Microsoft official documents, the OpenOffice documents and the wvWare project, this paper studies the RC4 stream cipher and its implementation in the Office 97～2003.The analysis discovers that the default 40 bit encryption method used by Office 97-2003 is very weak and insecure.Coupling rainbow precomputation attack, the encryption can be broken in 1 min～2 min.This paper suggests users do not rely on the default 40 bit"Office 97/2000 Compatible"encryption to protect your confidential information.On the contrary, the 128 bit"Microsoft Enhanced Cryptographic Provider"is preferred.It also recommends that users adopt the stronger encryption algorithm provided by compression softwares better when better security is necessary.

Jintai Ding,Bo-Yin Yang,Chia-Hsin Owen Chen,Ming-Shing Chen,Chen-Mou Cheng

DOI: https://doi.org/10.1007/978-3-540-68914-0_15

2008-01-01

Abstract:A recently proposed class of multivariate Public-Key Cryptosystems, the Rainbow-Like Digital Signature Schemes, in which successive sets of central variables are obtained from previous ones by solving linear equations, seem to lead to efficient schemes (TTS, TRMS, and Rainbow) that perform well on systems of low computational resources. Recently SFLASH (C*-) was broken by Dubois, Fouque, Shamir, and Stern via a differential attack. In this paper, we exhibit similar algebraic and diffential attacks, that will reduce published Rainbow-like schemes below their security levels. We will also discuss how parameters for Rainbow and TTS schemes should be chosen for practical applications.

Shaohui Zhang,Liji Wu,Xiangmin Zhang,Xingjun Wu,Xiangyu Li,Huajun Fang

DOI: https://doi.org/10.1109/cis.2015.98

2015-01-01

Abstract:This paper introduces RC4 stream cipher which is widely used in the TLS/SSL protocol and several weaknesses in its algorithm. In order to enhance the security of RC4, this paper proposes a new masking scheme using random number for both input key and the internal states of RC4. This improved RC4 has destroyed the foundation of many attacks on RC4, especially the template attack. The new algorithm is realized based on the SAKURA-G FPGA board, and 1000 power traces and 5000 power traces are acquired from the unmasked and masked RC4 hardware respectively with 256 different input keys. The experiment results show that the proposed masking scheme for RC4 can be effectively resistant to template attack.

HaiNa Zhang,Lin Li,XiaoYun Wang

DOI: https://doi.org/10.1007/s11432-008-0064-7

2008-01-01

Science in China Series F Information Sciences

Abstract:ABC v3 is a stream cipher submitted to the ECRYPT eStream project and has entered the second evaluation phase. Its key length is 128 bits. In this paper, we find large numbers of new weak keys of ABC family and introduce a method to search for them, and then apply a fast correlation attack to break ABC v3 with weak keys. We show that there are at least 2(103.71) new weak keys in ABC v3. Recovering the internal state of a weak key requires 2(36.05) keystream words and 2(50.56) operations. The attack can be applied to ABC v1 and v2 with the same complexity as that of ABC v3. However, the number of weak keys of ABC v1 as well as ABC v2 decreases to 2(97) + 2(95.19). It reveals that ABC v3 incurs more weak keys than that of ABC v1 and v2.

Shen Jing,Li Chao

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.12.019

2006-01-01

Abstract:We discuss different fixed rotation's effect to RC6-I (A variety of RC6 which replace the quadratic function by identity function) at first, and prove that the invulnerability to differential attack is best when the fixed rotation is equal to lgw.

Chenpeng Xue,Ning Jiang,Xiaoyan Zhao,Anke Zhao,Yanhua Hong,Qiu Kun

DOI: https://doi.org/10.1364/cleopr.2018.f2d.2

2018-01-01

Abstract:We propose a new stream-cipher generation scheme based on the correlated physical random bit generation with synchronized chaotic lasers and pseudo-random bit extension RC4 algorithm. The proposed scheme shows high-security, extensible rate and strong robustness.

Xiaoxuan Lou,Fan Zhang,Guorui Xu,Ziyuan Liang,Xinjie Zhao,Shize Guo,Kui Ren

DOI: https://doi.org/10.1007/978-3-030-42921-8_29

2020-01-01

Abstract:Block ciphers with Feistel structures are vulnerable to a specific type of cache attacks named differential cache attacks. The attacks leverage side-channel leakages from cache and differential property of cipher component to reveal the master key of cipher. In this paper, we combine the algebraic analysis to enhance the attacks, and propose a novel method named Algebraic Differential Cache Attack (ADCA). By converting both cipher and cache leakages to algebraic equations, ADCA can reveal the cipher key automatically with the help of the SAT solver, which allows the analysis on much deeper rounds and makes a considerable reduction in attack complexity. When it is applied to the block cipher SM4, 10 plaintexts are enough to reveal the master key in 8-rounds analysis, while the traditional differential cache attack needs 20 ones. Finally, to eliminate the impact from noise, an error-tolerant method is proposed to deduce cache events from the leakage traces. It vastly enhances the robustness of attack, and makes the attack more practical. The experimental results show that the error-tolerant ADCA can correctly reveal the master key even when the uncertainty rate of cache events reaches to 60%.

Wei Li,Jiayao Li,Dawu Gu,Chaoyun Li,Tianpei Cai

DOI: https://doi.org/10.1109/tifs.2021.3102485

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the development of wireless technology, the ubiquitous sensor networks have a profound effect on the way human interacts with computers, devices and environment. In order to reduce the potentially serious risks in the interaction, applying lightweight ciphers is effective to balance security, efficiency and convenience. Simeck is such a lightweight cipher that provides data confidentiality, authentication and integrity. It is significant to explore whether Simeck remains robust security. Up to now, the attacking assumptions of the previous security analysis of Simeck focus on the known-plaintext attack and the chosen-plaintext attack. There is no literature about Simeck against the ciphertext-only attack, which represents the weakest attacking capability of the attackers. On the assumption of the ciphertext-only attack, this paper proposes the security analysis of Simeck against the statistical fault analysis with a series of novel distinguishers of KDE, MME and MME-GF. The experimental results show that the proposed distinguishers can recover the secret key of Simeck in both decreasing faults and increasing reliability and accuracy. Thus, Simeck cannot resist against the statistical fault analysis with the proposed distinguishers. Furthermore, the good performance of these novel distinguishers can be applied on the PRESENT lightweight cipher. It offers the valuable reference for the design and analysis of the lightweight ciphers in the ubiquitous sensor networks.

computer science, theory & methods,engineering, electrical & electronic

Kai Zhang,Xuejia Lai,Jie Guan,Bin Hu

DOI: https://doi.org/10.1007/s10623-023-01241-5

2023-01-01

Abstract:With the rapid evolvement of cryptanalysis, attacks with multiple distinguishers have emerged gradually. Many new cryptanalytic methods such as multiple differential cryptanalysis, multiple linear cryptanalysis, multiple impossible differential cryptanalysis, multidimensional zero correlation linear cryptanalysis have been proposed, which have greatly enhanced the efficiency of corresponding attacks. During these attacks, discovering more distinguishers has always been a trivial and manual work. Many cryptographers use their expertise and experience to achieve this goal. However, in most cases, either the length of the attack or the number of distinguishers is underestimated. This paper proposes a generic method to discover more different distinguishers based on a new property called “weak rotational property”. Block ciphers with this property can easily discover more distinguishers such as truncated differential distinguishers, impossible differential distinguishers and zero correlation linear distinguishers in a theoretical approach. Then the number of equivalent distinguishers is proved in a mathematical form. As an application, this paper focuses on SIMON family ciphers to illustrate how this property improves cryptanalysis. For the section of application, first of all, SIMON family ciphers are proved to have weak rotational property. Thus the number of corresponding discovered distinguishers can be increased for SIMON. Then, some earlier observations on SIMON are extended accordingly to this new property. Finally, based on the idea of weak rotational property and equivalent-subkey technique, an improved impossible differential cryptanalysis on SIMON is proposed. For SIMON32(64)/SIMON128(128)/SIMON128(192), the rounds attacked are all extended by one round. For other variants of SIMON, current best non full codebook impossible differential attacks are derived. The successful application of weak rotational property indicates its potential in cryptanalysis.

Seifedine Kadry,Mohamad Smaili

DOI: https://doi.org/10.48550/arXiv.1111.5641

2011-11-23

Cryptography and Security

Abstract:This paper develops a new algorithm to improve the security of RC4. Given that RC4 cipher is widely used in the wireless communication and has some weaknesses in the security of RC4 cipher, our idea is based on the combination of the RC4 and the poly alphabetic cipher Vigen\`ere to give a new and more secure algorithm which we called VRC4. In this technique the plain text is encrypted using the classic RC4 cipher then re-encrypt the resulted cipher text using Vigen\`ere cipher to be a more secure cipher text. For simplicity, we have implemented our new algorithm in Java Script taking into consideration two factors: improvement of the security and the time complexity. To show the performance of the new algorithm, we have used the well known network cracking software KisMac.

陈一阳,陈恭亮

DOI: https://doi.org/10.3969/j.issn.1009-8054.2010.06.041

2010-01-01

Abstract:The design and analysis of stream cipher plays an important role in modern cryptology.This paper briefly reviews the basic principle and model of stream cipher analysis,mainly including TMD tradeoff attack,guess-and-determine attack,correlation attack,BAA attack,algebraic attack and side-channel attack.Then simulations of TMD tradeoff attack,guess-and-determine attack and correlation attack are performed by using Mathematical kit software,with results and a part of codes appended.The tests reveal an important design principle:it is critical to avoid the linear evolvement of internal state and eliminate the biased statistical properties of keystream.Finally some conclusions and prospects of stream cipher analysis are provided.