Survey on Some of the Existing Attacks on RC4.

Date of Submission

December 2007

Date of Award

Winter 12-12-2008

Institute Name (Publisher)

Indian Statistical Institute

Document Type

Master's Dissertation

Degree Name

Master of Technology

Subject Name

Computer Science


Applied Statistics Unit (ASU-Kolkata)


Maitra, Subhamoy (ASU-Kolkata; ISI)

Abstract (Summary of the Work)

RC4 is the most widely deployed stream cipher in software applications, due to its simplicity and efficiency. It has a huge internal state but it has very light-weight key scheduling and output generation processes, which motivated our cryptanalytic efforts.In this thesis we analyze the KSA (key scheduling algorithm) of RC4, and describe several weaknesses in it. We identify a large number of weak keys, in which knowledge of a small number of key bits suffices to determine many state and output bits with non-negligible probability. We use these weak keys to construct new distinguishers for RC4, and to mount related key attacks with practical complexities. Another weakness of RC4 initialization mechanism is a major statistical bias in the distribution of the first output words. This bias makes it trivial to distinguish between several hundred short outputs of RC4 and random strings by analyzing their second word. This weakness can be used to mount a practical ciphertextonly attack on RC4 in some broadcast applications, in which the same plaintext is sent to multiple recipients under different keys. This unique statistical behavior is independent of the KSA, and remains applicable even when RC4 starts with a totally random permutation.


ProQuest Collection ID:

Control Number


Creative Commons License

Creative Commons Attribution 4.0 International License
This work is licensed under a Creative Commons Attribution 4.0 International License.


This document is currently not available here.