Abstract
In this paper, we provide a complete characterization of the RC4 Pseudo Random Generation Algorithm (PRGA) for one step: i = i + 1; j = j + S[i]; swap(S[i], S[j]); z = S[S[i] + S[j]]. This is the first time such an involved description is presented to get a concise view of how RC4 PRGA evolves. Considering all the permutations (we also keep in mind the Finney states), we find that the distribution of z is not uniform given i, j. A corollary of this result shows that information about j is always leaked from z. Next, studying two consecutive steps of RC4 PRGA, we prove that the index j is not produced uniformly at random given the value of j two steps ago. We also provide additional evidence of z leaking information on j. Further, we present a novel distinguisher for RC4 which shows that under certain conditions the equality of two consecutive bytes is more probable than by random association. Our analysis holds regardless of the amount of initial keystream bytes thrown away during the RC4 PRGA.
© de Gruyter 2008
This article is distributed under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-commercial use, distribution, and reproduction in any medium, provided the original work is properly cited.
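The one-step claim in the abstract can be checked by brute force on a reduced state size. The following is an added example, not code from the paper: it enumerates every permutation for N = 4 (an assumption; real RC4 uses N = 256) and tallies z for a fixed pre-step (i, j). The function names are hypothetical.

```python
from itertools import permutations

def prga_step(S, i, j):
    """One RC4 PRGA step on a copy of S; returns (S', i', j', z)."""
    n = len(S)
    S = list(S)
    i = (i + 1) % n
    j = (j + S[i]) % n
    S[i], S[j] = S[j], S[i]
    z = S[(S[i] + S[j]) % n]
    return S, i, j, z

def is_finney(S, i, j):
    """Finney state: j = i + 1 and S[j] = 1."""
    return j == (i + 1) % len(S) and S[j] == 1

def z_counts(n, i, j, skip_finney=False):
    """Tally z over all n! permutations for a fixed pre-step (i, j)."""
    counts = [0] * n
    for S in permutations(range(n)):
        if skip_finney and is_finney(S, i, j):
            continue
        counts[prga_step(S, i, j)[3]] += 1
    return counts

def nonuniform_pairs(n):
    """All pre-step (i, j) for which z is not uniformly distributed."""
    return [(i, j) for i in range(n) for j in range(n)
            if len(set(z_counts(n, i, j))) > 1]

if __name__ == "__main__":
    N = 4  # reduced state size, chosen so that all N! states can be enumerated
    for i in range(N):
        for j in range(N):
            print(f"i={i} j={j} z-counts={z_counts(N, i, j)}")
    print("non-uniform (i, j):", nonuniform_pairs(N))
```

For the first step (i = 0, j = 0) the tally is 4, 4, 8, 8 out of 24 permutations, where a uniform output would give 6 for every value of z.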