Generalized Analysis on Key Collisions of Stream Cipher RC4

Jiageng CHEN  Atsuko MIYAJI  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E94-A    No.11    pp.2194-2206
Publication Date: 2011/11/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E94.A.2194
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Information Theory and Its Applications)
Category: Cryptography and Information Security
RC4,  key collisions,  KSA,  hamming distance,  RC4-Hash,  

Full Text: PDF(1.3MB)>>
Buy this Article

The fact that the stream cipher RC4 can generate colliding key pairs with hamming distance one was first discovered by Matsui in FSE 2010. This kind of weakness demonstrates that two different secret keys have the same effect on the cipher's encryption and the corresponding decryption procedure. In this paper, we further investigate the property of RC4 key collisions and achieved the following results:
1. We show that RC4 can generate colliding key pairs with various hamming distances, which cannot be generated by Matsui's pattern. We also give concrete examples of colliding key pairs with hamming distances greater than one.
2. We formalize RC4 colliding key pairs into two large patterns, namely, Transitional pattern and Self-Absorbing pattern. All the currently known colliding key pairs can be categorized into either two patterns.
3. We analyze both patterns and clarified the relations among the probability of key collision, key length and hamming distances which yield the colliding key pairs.
4. We demonstrate the vulnerability of key collisions by showing collisions of RC4-Hash function proposed in INDOCRYPT 2006. Some concrete experimental results of RC4-Hash collision are also given in this paper.