Iterative Probabilistic Reconstruction of RC4 Internal States


It is shown that an improved version of a previously proposed iterative probabilistic algorithm, based on forward and backward probability recursions along a short keystream segment, is capable of reconstructing the RC4 internal states from a relatively small number of known initial permutation entries. Given a modulus NN, it is argued that about N/3N/3 and N/10N/10 known entries are sufficient for success, for consecutive and specially generated entries, respectively. The complexities of the corresponding guess-and-determine attacks are analyzed and, e.g., for N=256N=256, the data and time complexities are (conservatively) estimated to be around Dβ‰ˆ241D \approx 2^{41}, Cβ‰ˆ2689C \approx 2^{689} and Dβ‰ˆ2211D \approx 2^{211}, Cβ‰ˆ2262C \approx 2^{262}, for the two types of guessed entries considered, respectively

    Similar works

    Full text


    Available Versions