New attacks RC4A and VMPC

Abstract

RC4 is one of the most widely used stream cipher, designed by Ronald Rivest in 1987. RC4 has attracted a lot of attention of the community due to its simple design. In the last twenty years, lots of analyses about RC4 have been published by cryptanalysts. In these analyses, statictical biases and their applications stand out as the main weaknesses of RC4. To resist against this kind of weaknesses, many different varients of RC4 were designed. RC4A and VMPC are two of them, both proposed in FSE 2004. Here, we first reproduce two attacks against RC4 that depend on statistical biases; the linear correlation attack (Sepehrdad et al., 2010), and the plaintext recovery attacks (Alfardan et al., 2013). Then, we modify and apply them against RC4A and VMPC. We observe some previously undiscovered linear correlations and statistical biases for these two ciphers. Then, we try to identify the strong and weak aspects of these ciphers by evaluating the experimental results. We propose modifications for RC4, RC4A and VMPC according to these aspects and show that small changes in the design of these ciphers can increase or decrease their resistance against statistical bias attacks significantly.