摘要
针对不同种子密钥长度的RC4算法的明文恢复问题,提出了对经过不同种子密钥长度(8字节、16字节、22字节)的RC4算法加密的明文的明文恢复攻击。首先利用统计算法在2^(32)个不同种子密钥的条件下统计了RC4算法每个密钥流输出字节的t值分布,发现了RC4算法密钥流输出序列存在偏差;然后,利用单字节偏差规律和双字节偏差规律给出了对经RC4算法加密的明文的前256字节的攻击算法。实验结果表明,在密文量为2^(31)的条件下,除了第4字节外,攻击算法能够以100%的成功率恢复明文的前196字节。对于种子密钥长度为8字节的RC4算法,前256字节的恢复成功率都超过了91%;相应的,种子密钥长度为16字节的RC4算法,前256字节的恢复成功率都超过87%;种子密钥长度为22字节的RC4算法,前256字节的恢复成功率都超过了81%。所提攻击算法拓展了原有攻击密钥长度为16字节的RC4算法的范围,且在实际应用中能够更好地恢复经RC4算法加密的明文。
Aiming at the plaintext recovery on plaintexts encrypted by RC4( Rivest Cipher 4) algorithm with different lengths of seed key, a plaintext recovery attack on plaintexts encrypted by RC4 algorithm with different lengths of seed key( 8 bytes, 16 bytes, 22 bytes) was proposed. Firstly, by using the statistical algorithm, the t-value distribution of each output byte of key stream of RC4 was calculated under the condition of 2^(32) different seed keys, and biases were found. Then the attack on the first 256 bytes of the plaintext encrypted by the RC4 was given by using single-byte biases and double-bytes biases. The experimental results show that with 2^(31) ciphertexts, the first 196 bytes of the plaintext can be recovered with the success probability of 100% except the 4th Byte. Besides, the first 256 bytes can be recovered with the success probability over 91%,87% and 81% for 8-byte, 16-byte and 22-byte seed key, respectively. The proposed attack algorithm extends the scope of RC4 algorithm with seed key length of 16 bytes, and it can recover the plaintexts encrypted by RC4 algorithm in practice.
出处
《计算机应用》
CSCD
北大核心
2018年第2期370-373,共4页
journal of Computer Applications
基金
国家重点研发计划项目(2016YFB0800101
2016YFB0800100)
数学与先进计算国家重点实验室开放课题项目(2015A14)~~
关键词
RC4算法
流密码
种子密钥长度
明文恢复
偏差规律
RC4(Rivest Cipher 4) algorithm
stream cipher
seed key length
plaintext recovery
biases
