计算机应用 ›› 2018, Vol. 38 ›› Issue (2): 370-373.DOI: 10.11772/j.issn.1001-9081.2017071945

• 网络空间安全 • 上一篇    下一篇

对不同种子密钥长度的RC4算法的明文恢复攻击

苑超, 徐蜜雪, 斯雪明   

  1. 信息工程大学 数学工程与先进计算国家重点实验室, 郑州 450001
  • 收稿日期:2017-08-07 修回日期:2017-09-06 出版日期:2018-02-10 发布日期:2018-02-10
  • 通讯作者: 斯雪明
  • 作者简介:苑超(1992-),男,山东烟台人,硕士研究生,主要研究方向:密码学、区块链、信息安全;徐蜜雪(1993-),女,山东烟台人,硕士研究生,主要研究方向:密码学、区块链、信息安全;斯雪明(1966-),男,浙江诸暨人,教授,硕士,主要研究方向:密码学、数据科学、计算机体系结构、网络安全、区块链。
  • 基金资助:
    国家重点研发计划项目(2016YFB0800101,2016YFB0800100);数学与先进计算国家重点实验室开放课题项目(2015A14)。

Plaintext recovery attack on RC4 with different length of seed key

YUAN Chao, XU Mixue, SI Xueming   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou Henan 450001, China
  • Received:2017-08-07 Revised:2017-09-06 Online:2018-02-10 Published:2018-02-10
  • Supported by:
    This work is partially supported by the National Key Research and Development Program of China (2016YFB0800101, 2016YFB0800100), the State Key Laboratory of Mathematical Engineering and Advanced Computing Opening Foundation (2015A14).

摘要: 针对不同种子密钥长度的RC4算法的明文恢复问题,提出了对经过不同种子密钥长度(8字节、16字节、22字节)的RC4算法加密的明文的明文恢复攻击。首先利用统计算法在232个不同种子密钥的条件下统计了RC4算法每个密钥流输出字节的t值分布,发现了RC4算法密钥流输出序列存在偏差;然后,利用单字节偏差规律和双字节偏差规律给出了对经RC4算法加密的明文的前256字节的攻击算法。实验结果表明,在密文量为231的条件下,除了第4字节外,攻击算法能够以100%的成功率恢复明文的前196字节。对于种子密钥长度为8字节的RC4算法,前256字节的恢复成功率都超过了91%;相应的,种子密钥长度为16字节的RC4算法,前256字节的恢复成功率都超过87%;种子密钥长度为22字节的RC4算法,前256字节的恢复成功率都超过了81%。所提攻击算法拓展了原有攻击密钥长度为16字节的RC4算法的范围,且在实际应用中能够更好地恢复经RC4算法加密的明文。

关键词: RC4算法, 流密码, 种子密钥长度, 明文恢复, 偏差规律

Abstract: Aiming at the plaintext recovery on plaintexts encrypted by RC4 (Rivest Cipher 4) algorithm with different lengths of seed key, a plaintext recovery attack on plaintexts encrypted by RC4 algorithm with different lengths of seed key (8 bytes, 16 bytes, 22 bytes) was proposed. Firstly, by using the statistical algorithm, the t-value distribution of each output byte of key stream of RC4 was calculated under the condition of 232 different seed keys, and biases were found. Then the attack on the first 256 bytes of the plaintext encrypted by the RC4 was given by using single-byte biases and double-bytes biases. The experimental results show that with 231 ciphertexts, the first 196 bytes of the plaintext can be recovered with the success probability of 100% except the 4th Byte. Besides, the first 256 bytes can be recovered with the success probability over 91%, 87% and 81% for 8-byte, 16-byte and 22-byte seed key, respectively. The proposed attack algorithm extends the scope of RC4 algorithm with seed key length of 16 bytes, and it can recover the plaintexts encrypted by RC4 algorithm in practice.

Key words: RC4(Rivest Cipher 4) algorithm, stream cipher, seed key length, plaintext recovery, biases

中图分类号: