- Authors:
- Goutam Paul,
- Subhamoy Maitra
RC4 Stream Cipher and Its Variants is the first book to fully cover the popular software stream cipher RC4. With extensive expertise in stream cipher cryptanalysis and RC4 research, the authors focus on the analysis and design issues of RC4. They also explore variants of RC4 and the eSTREAM finalist HC-128. After an introduction to the vast field of cryptology, the book reviews hardware and software stream ciphers and describes RC4. It presents a theoretical analysis of RC4 KSA, discussing biases of the permutation bytes toward secret key bytes and absolute values. The text explains how to reconstruct the secret key from known state information and analyzes the RC4 PRGA in detail, including a sketch of state recovery attacks. The book then describes three popular attacks on RC4: distinguishing attacks, Wired Equivalent Privacy (WEP) protocol attacks, and fault attacks. The authors also compare the advantages and disadvantages of several variants of RC4 and examine stream cipher HC-128, which is the next level of evolution after RC4 in the software stream cipher paradigm. The final chapter emphasizes the safe use of RC4. With open research problems in each chapter, this book offers a complete account of the most current research on RC4. It not only covers the basics of cryptography, but also provides a comparative study of RC4 with other stream ciphers.
Cited By
- Couturier R, Noura H and Chehab A (2020). ESSENCE: GPU-based and dynamic key-dependent efficient stream cipher for multimedia contents, Multimedia Tools and Applications, 79:19-20, (13559-13579), Online publication date: 1-May-2020.
- Noura H and Chehab A An Efficient and Secure Variant of RC4 Stream Cipher Scheme for Emerging Networks 2019 IEEE Wireless Communications and Networking Conference (WCNC), (1-8)
- Noura H, Chehab A and Couturier R Lightweight Dynamic Key-Dependent and Flexible Cipher Scheme for IoT Devices 2019 IEEE Wireless Communications and Networking Conference (WCNC), (1-8)
- Manifavas C, Hatzivasilis G, Fysarakis K and Papaefstathiou Y (2016). A survey of lightweight stream ciphers for embedded systems, Security and Communication Networks, 9:10, (1226-1246), Online publication date: 10-Jul-2016.
- Maitra S and Sen Gupta S New Long-Term Glimpse of RC4 Stream Cipher Proceedings of the 9th International Conference on Information Systems Security - Volume 8303, (230-238)
Index Terms
- RC4 Stream Cipher and Its Variants
Reviews
S. Nagaraj
Cryptography is a hot topic these days due to its use in securing communications. Ciphers used in cryptography are generally classified as block ciphers and stream ciphers. Block ciphers operate on blocks of data, while stream ciphers operate on bits of plaintext. Stream ciphers generally operate much faster than block ciphers. To this day, no one stream cipher is a de facto standard. This book discusses the widely used RC4 stream cipher and its variants. It has been published under the "Discrete Mathematics and Its Applications" series, and is the first book that deals exclusively with RC4. It is meant for use as a reference text for graduate and advanced undergraduate students. Familiarity with combinatorics, data structures, algorithms, and probability and statistics is expected of the readers. In the first of ten chapters, the authors introduce cryptology and acquaint the reader with some commonly used terminology. The introduction is very brief at just ten pages. Stream ciphers and RC4 are then presented. Attack models for cryptanalysis of stream ciphers are discussed, along with hardware and software stream ciphers. The key scheduling algorithm of RC4 is then analyzed, followed by an examination of biases of permutation toward secret key bytes. The authors show that the permutation bytes are not random, although the key-scheduling algorithm of RC4 does try to randomize permutations. The authors then touch upon key recovery from state information, and describe various algorithms for recovering the secret key of RC4 from state information. Key stream generation in RC4 is then analyzed. In practice, true random number generators are hard to use. The alternative is a pseudorandom number generator. A stream cipher can be regarded as a pseudorandom generator with the secret key as a seed. If by studying the cipher, one can show a bias in the probability of some key stream-based event happening, then we have what is known as a distinguishing attack on the cipher. The authors study distinguishing attacks and introduce a theoretical framework of distinguishing attacks. Wired equivalent privacy (WEP) is a security protocol for IEEE 802.11 wireless networks. WEP has numerous flaws and has been deprecated in favor of newer standards such as Wi-Fi protected access 2 (WPA2) (which makes use of the block cipher advanced encryption standard (AES) for encryption). WEP incorporates RC4 for encrypting the network traffic. The authors look at different types of attacks on WEP and WPA. In practice, various types of faults may occur in cryptographic devices that may enable attackers to make use of the vulnerabilities of the cipher. The authors discuss some fault attacks on RC4. They then talk about some variants of RC4 and the stream cipher HC-128. There is a short concluding chapter that mentions the safe use of RC4. The authors must be acknowledged for bringing out the first book on the RC4 stream cipher, which is widely used and worth studying. The allocation of the material in the book into ten homogeneous topics is appreciated. However, the book is very heavy on mathematical aspects and is very prosaic, which makes for difficult reading. The numerous lemmas, theorems, and proofs make the book very dull and tiresome, though mathematically concise. The saving grace is the research problems section at the end of each chapter. The inclusion of questions and exercises (mathematically oriented as well as programming based) would have helped to overcome the monotony of the book. The authors should have touched upon the factors that enabled the success of RC4, and mentioned protocols and products that employ it. A list of acronyms would have helped minimize the effort required of the reader to find their meanings. The authors should have touched upon implementation issues in both software and hardware, and could have provided more programming assistance. The references are adequate and current. The brief, one-page concluding chapter of the book is very disappointing. It touches upon the safe use of RC4 in just a few words. The authors have done some considerable work on RC4, but I feel they could have produced a more readable book. Nonetheless, I recommend this book as a reference book for computer security professionals and researchers. Online Computing Reviews Service
Access critical reviews of Computing literature here
Become a reviewer for Computing Reviews.
Recommendations
Cryptanalysis of RC4(n, m) stream cipher
SIN '13: Proceedings of the 6th International Conference on Security of Information and NetworksRC4(n, m) is a stream cipher based on RC4 and is designed by G. Gong et al. It can be seen as a generalization of the famous RC4 stream cipher designed by Ron Rivest. The authors of RC4(n, m) claim that the cipher resists all the attacks that are ...
Security Analysis of the RC4+ Stream Cipher
Proceedings of the 14th International Conference on Progress in Cryptology INDOCRYPT 2013 - Volume 8250The RC4+ stream cipher was proposed by Maitra and Paul at Indocrypt 2008. The authors had claimed that RC4+ ironed out most of the weaknesses of the alleged RC4 stream cipher and was only marginally slower than RC4 in software. In this paper we show that ...
Some security results of the RC4+ stream cipher
The RC4+ stream cipher was proposed as an alternative to the well known RC4 stream cipher. It was claimed by the authors that this new stream cipher was designed to overcome all the weaknesses reported against the alleged RC4 stream cipher. In the ...