Thread: Understanding Klein's attack on RC4

1. No Profile Picture
Registered User
Devshed Newbie (0 - 499 posts)

Join Date
Apr 2011
Posts
1
Rep Power
0

Understanding Klein's attack on RC4

Code:
``` Suppose w key streams were generated by RC4 using
packet keys with a fixed root key and different initialization
vectors. Denote by K_u = (K_u[0], ..., K_u[m]) = (IV_u||Rk) the
u-th packet key and by X_u = (X_u[0],...,X_u[m-1]) the first m
bytes of the uth key stream, where 1 <= u <= w. Assume that an
attacker knows the pairs (IV_u, X_u) - we shall refer to them as
samples - and tries to find Rk.```

I've been reading this paragraph over and over, and I just don't get it. I think w is the amount of key streams, K is the key, K_u specifies which key stream it's a part of... but what is X?
2. No Profile Picture
Contributing User
Devshed Newbie (0 - 499 posts)

Join Date
Dec 2003
Location
Central New Jersey
Posts
207
Rep Power
21
Here's my interpretation.

w key streams

X is the first m bytes of the uth key stream.

key streams:

initialization vector 1 + plain text 1 + root key ==> (K_u[0], ..., K_u[m])

(K_u[0], ..., K_u[m]) == (X_u[0],...,X_u[m-1]) + [remaining bytes of uth key stream]

initialization vector 2 + plain text 2 + root key ==> (K_u[0], ..., K_u[m])
initialization vector 3 + plain text 3 + root key ==> (K_u[0], ..., K_u[m])
....
initialization vector w + plain text w + root key ==> (K_u[0], ..., K_u[m])