A new practical key recovery attack on the stream cipher RC4 under related-key model

Abstract

A new key recovery attack under related-key model on RC4 is presented in this paper. This novel attack is based on the property that RC4 can generate a large amount of colliding key pairs. By making use of this property, we are able to recover any random key in practical time when the length of the key is large under a new proposed related key model. Differing from the attack against WEP, neither the knowledge of the IVs nor the keystream outputs are required. Also compared with some recent key recovery attacks, which assume that the attacker knows the S-Box after KSA algorithm and can only recover very short keys (5 bytes) efficiently, our attack works very well for keys with larger size. We give the theoretical proof for the complexity of our attack which matches with the experimental result very well. An 86-byte random secret key can be recovered in about 21.2 hours time by using a standard desktop PC. This novel attack provides us with another theoretical approach to attack WPA and WEP. Remark that our model can be used for more efficient key recovering if any new key collisions can be further discovered in the future. © 2011 Springer-Verlag.