
Journal of Mathematical Cryptology

Volume 2, Issue 3


A complete characterization of the evolution of RC4 pseudo random generation algorithm

Riddhipratim Basu / Shirshendu Ganguly / Subhamoy Maitra
  • Applied Statistics Unit, Indian Statistical Institute, 203, B T Road, Kolkata 700108, India. Email:
/ Goutam Paul
  • Department of Computer Science and Engineering, Jadavpur University, Kolkata 700032, India. Email:
Published Online: 2008-10-08 | DOI: https://doi.org/10.1515/JMC.2008.012


In this paper, we provide a complete characterization of the RC4 Pseudo Random Generation Algorithm (PRGA) for one step: i = i + 1; j = j + S[i]; swap(S[i], S[j]); z = S[S[i] + S[j]]. This is the first time such an involved description is presented to get a concise view of how RC4 PRGA evolves. Considering all the permutations (we also keep in mind the Finney states), we find that the distribution of z is not uniform given i, j. A corollary of this result shows that information about j is always leaked from z. Next, studying two consecutive steps of RC4 PRGA, we prove that the index j is not produced uniformly at random given the value of j two steps ago. We also provide additional evidence of z leaking information on j. Further, we present a novel distinguisher for RC4 which shows that under certain conditions the equality of two consecutive bytes is more probable than by random association. Our analysis holds regardless of the amount of initial keystream bytes thrown away during the RC4 PRGA.

Keywords: Cryptanalysis; distinguishing attacks; RC4; stream cipher; statistical distributions
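The non-uniformity of z given i, j can be checked exhaustively on a scaled-down RC4. The following is an added example, not code from the paper: it runs the one-step PRGA quoted in the abstract over every permutation of Z_N for a small N and tallies z by the post-step value of j. The function names, the choice to condition on the post-step (i, j), and the small N are assumptions of this sketch; the Finney condition used is j = i + 1 with S[j] = 1.

```python
from itertools import permutations

def prga_step(S, i, j):
    """One RC4 PRGA step over Z_N (N = len(S)); mutates S, returns (i, j, z)."""
    N = len(S)
    i = (i + 1) % N
    j = (j + S[i]) % N
    S[i], S[j] = S[j], S[i]
    z = S[(S[i] + S[j]) % N]
    return i, j, z

def is_finney(S, i, j):
    """Finney state: j = i + 1 and S[j] = 1 (never reached by real RC4)."""
    return j == (i + 1) % len(S) and S[j] == 1

def z_counts(N, i_after, skip_finney=True):
    """Tally z for each post-step j, over every pre-step permutation and j.

    Returns {j_after: [count of z = 0, ..., count of z = N-1]}.
    The step is a bijection on states, so each j_after row covers every
    post-step permutation exactly once (minus Finney states if skipped).
    """
    i_before = (i_after - 1) % N
    table = {j: [0] * N for j in range(N)}
    for perm in permutations(range(N)):
        for j_before in range(N):
            S = list(perm)
            if skip_finney and is_finney(S, i_before, j_before):
                continue
            _, j, z = prga_step(S, i_before, j_before)
            table[j][z] += 1
    return table

if __name__ == "__main__":
    N, i_after = 6, 0          # constructed toy parameters, not RC4's N = 256
    for j, row in z_counts(N, i_after).items():
        total = sum(row)
        probs = " ".join(f"{c / total:.3f}" for c in row)
        print(f"i={i_after} j={j}  Pr[z=0..{N - 1}] = {probs}  (uniform {1 / N:.3f})")
```

For N = 4, i = 0, j = 1 the tally is visibly skewed even before Finney states are removed, and enumeration cost grows as N · N!, so this only scales to very small N.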

About the article

Received: 2008-02-04

Revised: 2008-06-10

Published Online: 2008-10-08

Published in Print: 2008-10-01

Citation Information: Journal of Mathematical Cryptology, Volume 2, Issue 3, Pages 257–289, ISSN (Online) 1862-2984, ISSN (Print) 1862-2976, DOI: https://doi.org/10.1515/JMC.2008.012.
