A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher [chapter]

Souradyuti Paul, Bart Preneel
2004 Lecture Notes in Computer Science  
The paper presents a new statistical bias in the distribution of the first two output bytes of the RC4 keystream generator. The number of outputs required to reliably distinguish RC4 outputs from random strings using this bias is only 2 25 bytes. Most importantly, the bias does not disappear even if the initial 256 bytes are dropped. This paper also proposes a new pseudorandom bit generator, named RC4A, which is based on RC4's exchange shuffle model. It is shown that the new cipher offers
more » ... sed resistance against most attacks that apply to RC4. RC4A uses fewer operations per output byte and offers the prospect of implementations that can exploit its inherent parallelism to improve its performance further.
doi:10.1007/978-3-540-25937-4_16 fatcat:aznjtl3wqzd3zhlyqpn7ivkxou