Statistical weaknesses in the alleged RC4 keystream generator


Marina Pudovkina, Moscow Engineering Physics Institute (State University), arcap@online.ru

Abstract. A large number of stream ciphers were proposed and implemented over the last twenty years. In 1987 Rivest designed the RC4 stream cipher, which was based on a different and more software-friendly paradigm. It was integrated into Microsoft Windows, Lotus Notes, Apple AOCE, Oracle Secure SQL and many other applications and has thus become the most widely used software-based stream cipher. In this paper we describe some properties of an output sequence of RC4. It is proved that the distributions of the first and second output values of RC4 and of digraphs are not uniform, which makes it trivial to distinguish between short outputs of RC4 and random strings by analyzing their first or second output values or digraphs.

1 Introduction

A large number of stream ciphers were proposed and implemented over the last twenty years. Most of these ciphers were based on various combinations of linear feedback shift registers, which were easy to implement in hardware but relatively slow in software. In 1987 R. Rivest designed the RC4 stream cipher, which was based on a different and more software-friendly paradigm. Its design was kept as a trade secret until 1994. An anonymous source claimed to have reverse-engineered this algorithm and published an alleged specification of it in 1994. It was integrated into Microsoft Windows, Lotus Notes, Apple AOCE, Oracle Secure SQL and many other applications and has thus become the most widely used software-based stream cipher.

The alleged RC4 keystream generator is an algorithm for generating an arbitrarily long pseudorandom sequence based on a variable length key. The pseudorandom sequence is conjectured to be cryptographically secure for use in a stream cipher. RC4 is in fact a family of algorithms indexed by a parameter n, which is a positive integer. The value n = 256 is of greatest interest, as this value is used by all known RC4 applications.

In this paper we describe some properties of an output sequence of RC4. It is proved that the distributions of the first and second output values of RC4 and of digraphs are not uniform. Also we obtain generalizations of the results of Fluhrer S.R., McGrew D. and Mantin I., Shamir A. for different initial values of i and j.

The following standard notation will be used throughout: N = { }, Z = { }, S is the set of all possible permutations of Z.

2 Description of the RC4 cipher

The RC4 stream cipher is modeled as a finite automaton A = (F, f, Z × Z × S, Z),
where F: Z × Z × S → Z × Z × S is a next-state function and f: Z × Z × S → Z is an output function. The RC4 stream cipher depends on n, n ∈ N. The state of the RC4 cipher is a set ( ) ∈ Z × Z × S and the initial state is ( ). Consider the RC4 cipher at state ( ). The next-state function F:

(mod ); (mod ); ; 4 r r r \{ }

The output function f. Output: z = ( ) (mod ). Encryption of x: c = x ⊕ z. Decryption of c: x = c ⊕ z.

3 Description of the used probabilistic model

We will use the following probabilistic model. Assume that the permutation S is randomly chosen from S, i.e. P{ } = 1/n!. Consider a probabilistic model without replacement. Then P{ r a } / r, P{ r k a k | r k a k , ..., r a } , where k , {a , ..., a k} { }, {r , ..., r k} { }, {a , ..., a k}, {r , ..., r k}, k. Let us suppose that P{ } = 1/n! and P{ r a } / r, P{ r k a k | r k- a k- , ..., r a } and it does not depend on k. Note that and ( ) (mod ), ( ) (mod ), ( ) (mod ).

Proposition 1. Assume that the permutation S is randomly chosen from S and ( ) (mod ). If (mod ) then a) P{ k} for k ( - ); b) P{( - )} . If (mod ) then a) P{ k} ) for k (mod ), k ( - ); b) P{ k} for k (mod ); c) P{( )} .

Proof. Using ( ) (mod ) ( ) (mod ) ( ) (mod ) we get P{ k} P{ } P{ k } P{ k } P{ k } P{ k } k. Compute P{ k}: a) If (mod ) then for k ( - ) we obtain

P{ k} } { k k P ) ( ; P{( - )} } { P } { P . Note that P{ k} P{ k P{ k | k ( - )}(-) P{( - )}. b) If (mod ) then P{( - )} } { P } { P ; P{ k | k (mod ), k ( - )} } { k k P ) ( ; If k (mod ) then P{ k} } { k P ; The proof is completed.

4 The distribution of the first output value of RC4

In this section we describe some properties of an output sequence of RC4. It is proved that the distribution of the first output value of RC4 is not uniform. Note that the following result was presented at the MIPT conference [9].

Theorem 1 (the distribution of the first output value z ). Assume that the permutation S is randomly chosen from S. Let ( ) ∈ Z × Z × S be an initial state of RC4.
1. Let and for any N: a) if ν then P{z = ν} ) ( ; b) P{z = } .
2. Let (mod ), (mod ): a) if ν ∉ { } then P{z = ν} ) ( ) )( ( ; b) P{z = } ) ( ; c) P{z = } ) ( .
3. Let (mod ): a) if ν ∉ { , - (mod )} then P{z = ν} ) ( ) )( ( ;

b) P{z = } ) )( ) ; c) P{z = } ) )( ) ; d) P{z = - (mod )} ) )( ) .
4. Let (mod ), (mod ): a) if ν ∉ { , - (mod ), - /(mod )} then P{z = ν} ) 4 )( ) ; b) P{z = } ) )( ) ; c) P{z = } ) )( ) ; d) P{z = - (mod )} ) )( ) ; e) P{z = - /(mod )} ) )( ) .

Proof. Using the full probability formula we obtain that P{z = ν} P{ } P{ ν } P{ - ν} ν P{ } ν ν} P{ ν } P{ - ν}P{ ν} P{ ν - . Rewrite P{z = ν} = P{A} + P{B}, where P{A} = P{ ν} P{ ν -ν ν} (1), P{B} = P{ } P{ ν } P{ - ν} ν (2).

In the following lemma we compute P{A}.

Lemma 1. a) If ν ν then P{A} = ) ; b) If either ( ν ν ) or (ν ν) then P{A} = ; c) If ν then P{A} = . The proof follows from P{A} = P{ ν} P{ ν -ν ν}.

Note that P{B} depends on P{ - ν}, which is: a) if either ( and ) or ( and ν) then P{ - ν} = P{ }; b) if ( and ), ( and ), ( and ν) and ( and ν) then P{ ν} = .

Therefore we can rewrite P{B} as P{B} = P{ } P{ ν } P{ - ν}P{ } ν P{ ( )ν } P{ ν} ν} P{ ν νν } ν - ν ν ν} ν} ( ν ) ν ν ν ( ν ) ν P{ } ν P{ ν } P{ - P{ ν νν } P{ P{ ν } P{ ν } P{ ν } P{ - (3). From (3) we see that P{B} is the sum of four summands, i.e. P{B} = P{B1} + P{B2} + P{B3} + P{B4}, where P{B1} = P{ } P{ ( )ν }, P{B2} = P{ } P{B } P{ ν} ν} for ν, P{B4} = ν ν ν ( ν ) ν P{ } P{ ν } P{ - ν} for ν P{ ν ν} P{ ν - ν ν ν P{B } for ν and P{B } for ν P{ ν } P{ - ν}. We shall find P{B1}, P{B2}, P{B3}, P{B4}. Note that P{B1}, P{B2}, P{B3}, P{B4} take different values depending on z (ν). For all cases we find P{B i}, i = 1, ..., 4, which are described in the lemmas. For convenience of reading of the proof all these cases are summarized in Table 1.

Table 1. Values of P{B i}, i = 1, ..., 4
P{B1} and ν or ν )

(ν ) or ( ν ) or (ν - ν) P{B } ν { - } and )( ) ν or (ν ν) ν { } and ν ν - ν ν P{B } )( ) ) P{B4} ν { } and ν ν ν ν ν (mod ) (mod ) ( 4) )( ) ( 4) ) ( ) ) ( 4)( ) )( ) (mod ) (mod ) (mod ) ( 4) )( ) ( 4) )( ) ( ) ( ) )( ) )( ) ) ( ) ( ) )( ) )( ) ) )( ) ( 4)( ) )( ) ( 4)( ) )( ) P{B4} ν ν ( ) )( )

Now let us prove the following lemmas.

Lemma 2. If either or ν then P{B1} = ) . Proof. Note that P{B1} = P{ ν } P{ ( )ν } = ) . The lemma is proved.

Lemma 3. If ν ∉ { } then P{B2} = )( ) . If either ( ν ) or (ν - ν) then P{B2} = . Proof. Let us consider the following cases.

If ν - ν then P{B2} = P{ ν} ν ν} ; )( ) . If ν then P{B2} = P{ ν} ν} ν P{ ν } P{ - P{ ν } P{ - . The lemma is proved.

Lemma 4. If ν ν - ν then P{B3} = )( ) . If ν ν then P{B3} = . If ν ν - ν then P{B3} = ) . Proof. Let us consider the following cases. If ν ν - ν then P{B3} = P{ ν ν} ν} ; )( ) . If ν ν then P{B3} = P{ } }; If ν ν - ν then P{B3} = P{ ν} )( ) ( ν ) ν ( ) P{ ν ν} P{ ν ν ν P{ } P{ P{ - } P{ - } . The lemma is proved.

Let us find P{B4}. We stress that the value of P{B4} depends on the number of solutions of (mod ). It follows that we have the following cases, which depend on the parity of and : a) if (mod ), (mod ) then we have no solutions; b) if (mod ) then we have the following solution - (mod ); c) if (mod ), (mod ) then we have the following solutions - (mod ) and - / (mod ). Therefore P{B4} and the distribution of the first value depend on the parity of and .

Lemma 5. Let ν ν ν . Then:

a) P{B4} = ( 4) )( ) for (mod ), (mod ); b) P{B4} = ( 4) )( ) for (mod ); c) P{B4} = ( 4) )( ) for (mod ), (mod ).

Proof. Let us consider the following cases: if (mod ), (mod ) then P{B4} = ν ν P{ } ( 4) )( ) ; if (mod ) then P{B4} = ν ν - } ν P{ } ν ν P{ ν } P{ - ν} P{ ν } P{ - ν}P{ P{ ν - } P{ - - - - ( 4)( 5) ( ) ( 4) ν} )( ) )( ) )( ) ; if (mod ), (mod ) then P{B4} = ν ν / P{ - } P{ - /} P{ } ν / ν / ν P{ ν } P{ - ν} P{ ν - } P{ - - - - ν} P{ ν - /} P{ - / / - - ( 4)( 6) ( ) ( 4) / ν} )( ) )( ) )( ) . The lemma is proved.

Lemma 6. Let ν . Then: a) P{B4} = ( 4) ) ( ) for (mod ), (mod ); b) P{B4} = )( ) ( ) for (mod ); c) P{B4} = )( ) for (mod ), (mod ).

Proof. Note that P{B4} = P{ } and consider the following cases: if (mod ), (mod ) then P{B4} = }P{ - } P{ } ν ν P{ } P{ - } ( 4)( ) ( 4) )( ) ) ; if (mod ) then P{B4} = P{ } P{ - P{ - } P{ - - - - ( 4)( ) ( ) ( ) } ; )( ) )( ) )( ) ; if (mod ), (mod ) then P{B4} = / - } /} ν / ν / P{ } ν P{ ν } P{ - ν} P{ P{ ν - } P{ - - - - ν} P{ - P{ ν - /} P{ - / / - - / ( 4) ( ) ( ) ν} )( ) )( ) )( ) . The lemma is proved.

Lemma 7. Let ν . Then: a) P{B4} = ( ) ) ( ) for (mod ), (mod ); b) P{B4} = )( ) ) ( ) for (mod ); c) P{B4} = )( ) ) )( ) for (mod ), (mod ).

Proof. Note that P{B4} = P{ } P{ } P{ - } and consider the following cases: if (mod ), (mod ) then

P{B4} = ( )( ) ( ) )( ) ) ; if (mod ) then P{B4} = P{ } P{ } P{ - }P{ - } P{ - } P{ - - - - } ( ) ( ) ( ) ; )( ) )( ) )( ) ) ; if (mod ), (mod ) then P{B4} = P{ } P{ } P{ - } P{ - } /} / / P{ - } P{ - - - - }P{ - P{ - /} P{ - / / - - / ( 4)( ) ( ) ( ) } )( ) )( ) )( ) . The lemma is proved.

Lemma 8. Let ν ν . Then P{B4} = ( 4)( ) )( ) . Proof. For (mod ) we have P{B4} = ν ν P{ } ν ν P{ ν } P{ - ν} ( 4)( ) 5 )( ) ) )( ) ) )( ) . The other cases are proved as before. The lemma is proved.

Lemma 9. Let . Then: a) P{B4} = ( ) )( ) for ν ; b) P{B4} = for ν . Proof. Let us consider the following cases: If ν then

P{B4} = ν ν P{ } ( ) )( ) P{ ν } P{ ν} P{ } P{ } ; if ν then P{B4} = P{ } ( )( ) )( ) . The lemma is proved.

Now we compute the distribution of the first output value of RC4, i.e. P{z = ν}. This will complete the proof.

Lemma 10. Let ν ν ν . Then: a) P{z = ν} = ) )( ) for (mod ), (mod ); b) P{z = ν} = ) )( ) 4 for (mod ); c) P{z = ν} = ) )( ) for (mod ), (mod ).

Proof. Note that P{z = ν} = P{A} + P{B1} + P{B2} + P{B3} + P{B4} = ) ) )( ) 4 P{B4} )( ) ) )( ) and consider the following cases: if (mod ), (mod ) then P{z = ν} = 4 ( 4) 4 6 ) )( ) )( ) )( ) ) )( ) ; if (mod ) then P{z = ν} = 4 ( 4) ) )( ) )( ) ) )( ) ; if (mod ), (mod ) then P{z = ν} = 4 ( 4) ) )( ) )( ) ) 4 )( ) . The lemma is proved.

Lemma 11. Let ν . Then: a) P{z = } = ) for (mod ), (mod ); b) P{z = } = ) )( ) for (mod ); c) P{z = } = ) )( ) for (mod ), (mod ).

Proof. Note that P{z = } = P{A} + P{B1} + P{B2} + P{B3} + P{B4} = P{B4} + ) and consider the following cases: if (mod ), (mod ) then P{z = } = ( 4) ) ) ) ; if (mod ) then P{z = } = ( ) ) )( ) ) )( ) ; if (mod ), (mod ) then P{z = } = ( ) ) )( ) ) )( ) . The lemma is proved.

Lemma 12. Let ν . Then: a) P{z = } = ) for (mod ), (mod ); b) P{z = } = ) )( ) for (mod ); c) P{z = } = ) )( ) for (mod ), (mod ).

Proof. Note that P{z = } = ( ν ) P{ ν } P{ ν } = P{A} + P{B1} + P{B2} + P{B3} + P{B4} = ( ) ( ) ) ) ) ) ) . Let us consider the following cases: if (mod ), (mod ) then P{z = } = ( ) ( ) ) ) ) ) ; if (mod ) then P{z = } = ( ) ( ) ) ) )( ) ) ) ) )( ) ) )( ) ; if (mod ), (mod ) then

P{z = } = ( ) ) ) )( ) ( ) )( ) ) )( ) ) . The lemma is proved.

Lemma 13. Let ν ν . Then P{z = ν} = ) )( ) . Proof. Note that P{z = ν} = P{A} + P{B1} + P{B2} + P{B3} + P{B4} = ) )( ) ( ) )( ) ) ) )( ) ( 4)( ) )( ) . The lemma is proved.

Lemma 14. Let . Then a) P{z = ν} = ) for ν ; b) P{z = } = . Proof. Let us consider the following cases: if ν then P{z = ν} = ( ) ( ) ) )( ) )( ) ) ) ; if ν then P{z = } = . The lemma is proved.

Lemmas 1–14 complete the proof.

Theorem 2 describes the distribution of the second output value z .

Theorem 2 (the distribution of the second output value z ). Assume that the permutation S is randomly chosen from S. Let ( ) ∈ Z × Z × S be any initial state of RC4. Then: I. a) P{z = } O( ) for ; b) P{z = k} O( ) for k . II. a) P{z = } O( ) for ; b) P{z = k} O( ) for k . Another case: P{z = k} O( ), k .

The theorem is proved as Theorem 1. We stress that the first special case (P{z = } where ) of Theorem 2 was found by A. Shamir and I. Mantin.

5 The distribution of digraphs of RC4

In this section we find the distribution of digraphs in an output sequence of RC4. We begin with the following theorem.

Theorem 4 (conditional probabilities of the second output value). Assume that the permutation S is randomly chosen from S. Let ( ) ∈ Z × Z × S be an initial state of RC4. I. Let . Then a) P{z = | z = k } O( ) for k ; b) P{z = k | z = k } O( ) for k . II. Let . Then a) P{z = | z = k } O( ) for k ; b) P{z = k | z = k } O( ) for k . III. Let . Then a) P{z = k | z = } O( ) for k , k , k (mod ); b) P{z = k | z = k } O( ) for the other cases.

Proof. Note that k and consider the random variables and . It is clear that they are dependent. From the full probability formula we get that P{z = k | z = k } = P{ }P{ k k } P{ }P{ r r } P{ k k } k } r P{ } P{ }P{ k P{ }P{ }P{ k k } r r P{ } P{ r } P{ rk k }P{ }P{ }P{ k k } (4). From (4) it follows that P{z = k | z = k } = P{A1} + P{A2} + P{A3} + P{A4} + P{A5}, where P{A1} = P{ }P{ r } P{ k z k } r, P{A2} = r P{ } P{ }P{ k z k },

P{A3} = r r P{ }P{ }P{ k z k }, P{A4} = P{ }P{ r } P{ rk z k }, P{A5} = P{ }P{ }P{ k z k }. Denote h = . We shall estimate P{A1}, ..., P{A5}.

Lemma 1. P{A1} = O( ). Proof. Note that P{A1} = r r P{ }P{ r } P{ k z k } h r r k P{ h hk } P{ k hk h} P{ hk } P{ r k hk h}P{ r r r k hk h} . Therefore P{A1} ~ O( ( )( )( ) ( )( )( )( 4)( 5) ). The lemma is proved.

Lemma 2. If k , k then P{A2} = O( ), else P{A2} = O( ). Proof. Note that P{A2} = P{ } P{ }P{ k z k } P{ k z k } P{ k z k } P{ k z k }P{ k z k } P{ k k hk } P{ h k hk } h h k k P{ k k k hk h}P{ k k k k k hk h} . Let us consider the following cases. I. Let ; then: a) for k , k we get P{A2} = P{ hk } P{ h hk } P{ h h hk h} h h h k P{ hk } P{ h hk } P{ hk h} P{ k k } P{ k hk } ~

( )( 4) ( )( 4) ~ ~ ( )( ) ( )( )( ) ( ) ( )( )( ) ( ) ( )( ) = O( ) ; c) for k , k we get P{A2} = P{ h} P{ h h} P{ h k h h h}; b) for k we have P{A2} = P{ k k hk } P{ h k hk } P{ k h h k k k k hk h}P{ k k k k k hk h} . II. Let ; then P{A2} = P{ k k hk } P{ h k hk } P{ k h h k k k k hk h}P{ k k k k k h k h} ; a) for k we get P{A2} = ; b) for k we have P{A2} ~ O( ( )( ) ). The lemma is proved.

Lemma 3. If k , k then P{A5} = ( ), else P{A5} = O( ). Proof. We stress that P{A5} = h P{ }P{ }P{ h hk }P{ k hk } P{ k hk } P{ h hk k } h P{ k h k h}P{ k k hk hk h} P{ k k k } P{ k k k k k } P{ h hk } P{ k h h k k h hk } P{ k k h k k hk } . Therefore P{A5} = P{B1} + P{B2}, where P{B1} = P{ k k k } P{ k k k k k }, P{B2} = P{ h hk } P{ k h hk }P{ k h h k k k h k k hk } . We will consider the following cases. I. Let k ; then P{A5} = . II. Let ; then: a) for k ; k ; k k we have

P{B } = P{ k k } P{ k k k k k } , P{B } = P{ h hk } P{ h hk } ( ) h h . Therefore P{A5} = ( ) ; b) for k we get that P{A5} = . II. Let ; then: a) for k , k we have P{B } = P{ k k k } P{ k k k k k } ; b) for k k ; k ; k ; k ; ; ( k ); k ; k we get P{B } = P{ k k } ( ) ; c) for k k ; k ; k ; k ; i.e. ( k ); k we have P{B } = P{ k k } P{ k k k k k } = O( ( )( ) ) . In the other cases P{B } = . III. Let k k ; ; k ; ( hk ); then: a) for k we get P{B } = P{ k k } P{ k k k k k } ; b) for k we have P{B } = P{ k k } P{ k k k k k } ( )( ) = O( ) . IV. Let k k ; k ; then: a) for k we have P{B } = P{ h hk } P{ k h hk } h h k k P{ k k h k k hk } ; b) for k we have P{B } = P{ k k hk } P{ k k k } ; c) for k ; we get P{B } = h h k k P{ h hk } P{ k h hk } P{ k k h k k hk } ~ ( )( ) . The lemma is proved.

Lemma 4. a) P{A3} = O( ); b) P{A4} = O( ). The proof is by direct calculation O( ).

The proof follows from Lemmas 1–4 and P{z = k | z = k } = P{A1} + P{A2} + P{A3} + P{A4} + P{A5}. The theorem is proved.

Note that the events A2 and A5 give the non-uniformity in the distribution: P{A2} = P{ } P{ }P{ k z k }; P{A5} = P{ }P{ }P{ k z k }. The event A2 means that we have k and . The event A5 means that we have and .

By the previous theorem and Theorem 1 we obtain the proof of Theorem 5. We stress that the following result was presented at MEPhI.

Theorem 5 (the distribution of digraphs). Assume that the permutation S is randomly chosen from S. Let ( ) ∈ Z × Z × S be any initial state of RC4. I. Let . Then: a) P{z = , z = k } O( ) for k , k ; b) P{z = k , z = } O( ) for k ; c) P{z = k , z = k } O( ) for k , k . II. Let . Then: a) P{z = k , z = } O( ) for k , k ; b) P{z = k , z = k } O( ) for k . III. Let . Then: a) P{z = , z = k } O( ) for k , k ; b) P{z = k , z = k } O( ) for k , k . IV. Let . Then: a) P{z = , z = } O( ) for k , k ; b) P{z = k , z = k } O( ) for k , k . V. Let . Then: P{z = k , z = } O( ) for k , k ; P{z = k , z = k } O( ) for k , k . Another case: P{z = k , z = k } O( ), (k , k ) ∈ Z .

6 Conclusion

In this paper we considered statistical properties of the RC4 stream cipher. We proved that the distributions of the first and second output values of RC4 and of digraphs are not uniform. This makes it trivial to distinguish between short outputs of RC4 and random strings by analyzing their first or second output values or digraphs.

7 Acknowledgements

The author is grateful to my scientific adviser professor Pogorelov B.A. for constant attention to this work.

References

1. Golić J.D. Linear Statistical Weakness of Alleged RC4 Keystream Generator. Advances in Cryptology -- EUROCRYPT '97.
2. Fluhrer S.R., McGrew D.A. Statistical analysis of the alleged RC4 keystream generator. Proceedings of FSE, Springer-Verlag.
3. Mantin I., Shamir A. A practical attack on broadcast RC4. Proceedings of FSE, Springer-Verlag.
4. Mister S., Tavares S. Cryptanalysis of RC4-like ciphers. Proceedings of SAC '98, Springer-Verlag.
5. Knudsen L., Meier W., Preneel B., Rijmen V., Verdoolaege S. Analysis methods for (alleged) RC4. Proceedings of ASIACRYPT '99, Springer-Verlag.
6. Grosul A.L., Wallach D.S. A related key cryptanalysis of RC4, to appear.
7. Pudovkina M. Short cycles of the alleged RC4 keystream generator. 2nd International Workshop on Computer Science and Information Technologies CSIT, YFA.
8. Pudovkina M. Statistical weakness in the alleged RC4 keystream generator. 4 International Workshop on Computer Science and Information Technologies CSIT.
9. Pudovkina M.A. On the distribution of the first output symbol in the RC4 cryptosystem. In: Proceedings of the XLIV jubilee scientific conference of MIPT, Moscow, Dolgoprudny (in Russian).
10. Pudovkina M.A. On the distribution of bigrams in the RC4 cryptoscheme. In: Proceedings of the conference "Problems of information security in the higher school system", Moscow (in Russian).
11. Pudovkina M.A. On one system of generators with restrictions. In: Proceedings of the conference "Problems of information security in the higher school system", Moscow (in Russian).
12. Pudovkina M.A. On properties of the RC4 stream cipher algorithm. In: Abstracts of the conference "Methods and technical means of ensuring information security", St. Petersburg (in Russian).
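The following Python program is an added example and is not code from the paper. It implements the next-state function F and output function f of the alleged RC4-n generator exactly as Section 2 describes them, samples initial states under the probabilistic model of Section 3 (S a uniformly random permutation, the index pair started at 0, 0), and measures the empirical distribution of the first and second output values. With i0 = j0 = 0 the second output is 0 with probability close to 2/n rather than 1/n, the special case of Theorem 2 the paper attributes to Mantin and Shamir, and a chi-square statistic shows how far a short output prefix is from uniform. Function names, the parameter n and the sample sizes are this example's own choices; the generator itself and the sampling model are the page's.

```python
import random
from typing import List, Tuple

# A state of the RC4-n automaton: (i, j, S) with S a permutation of Z_n.
State = Tuple[int, int, List[int]]


def rc4_next_state(state: State, n: int) -> State:
    """Next-state function F of the alleged RC4-n generator:
    i := i + 1 (mod n); j := j + S[i] (mod n); swap S[i] and S[j]."""
    i, j, S = state
    i = (i + 1) % n
    j = (j + S[i]) % n
    S[i], S[j] = S[j], S[i]
    return (i, j, S)


def rc4_output(state: State, n: int) -> int:
    """Output function f: z = S[(S[i] + S[j]) mod n]."""
    i, j, S = state
    return S[(S[i] + S[j]) % n]


def keystream_prefix(S0: List[int], n: int, length: int,
                     i0: int = 0, j0: int = 0) -> List[int]:
    """Run the generator from the initial state (i0, j0, S0) and return the
    first `length` output values z_1, ..., z_length.  S0 is copied, not mutated."""
    state: State = (i0, j0, list(S0))
    out = []
    for _ in range(length):
        state = rc4_next_state(state, n)
        out.append(rc4_output(state, n))
    return out


def output_value_counts(n: int, trials: int, seed: int = 0) -> Tuple[List[int], List[int]]:
    """Sample `trials` uniformly random permutations S (the paper's model),
    start each at i0 = j0 = 0, and count how often each value of Z_n occurs
    as the first output z_1 and as the second output z_2.
    Returns (counts_z1, counts_z2); the seed makes the experiment repeatable."""
    rng = random.Random(seed)
    counts_z1 = [0] * n
    counts_z2 = [0] * n
    for _ in range(trials):
        S = list(range(n))
        rng.shuffle(S)          # uniformly random permutation of Z_n
        z1, z2 = keystream_prefix(S, n, 2)
        counts_z1[z1] += 1
        counts_z2[z2] += 1
    return counts_z1, counts_z2


def chi_square(counts: List[int]) -> float:
    """Chi-square statistic of the observed counts against the uniform
    distribution on len(counts) values.  For a uniform source it is about
    len(counts) - 1 on average; a strongly biased value inflates it."""
    total = sum(counts)
    expected = total / len(counts)
    return sum((c - expected) ** 2 / expected for c in counts)


if __name__ == "__main__":
    # n = 256 is the parameter used by all known RC4 applications.
    n, trials = 256, 50000
    c1, c2 = output_value_counts(n, trials, seed=1)
    print(f"P(z2 = 0) ~ {c2[0] / trials:.4f}  "
          f"(uniform: {1 / n:.4f}, 2/n: {2 / n:.4f})")
    print(f"chi-square of z1: {chi_square(c1):.1f}, of z2: {chi_square(c2):.1f} "
          f"(uniform source: about {n - 1})")
```

The experiment is run under the paper's model, with S drawn uniformly rather than produced by the key scheduling, so it isolates the bias that the generator itself introduces; a smaller n (say 64) makes the bias visible with far fewer samples because the excess probability of the value 0 scales as 1/n.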