In this paper, we study the behaviour of RC4 when the index j is stuck at a certain value not known to the attacker. Though it seems quite natural that RC4 would be weak if j does not change, it has never been studied earlier in a disciplined manner. This work presents the nontrivial issues involved in the analysis, identifying how the information regarding S starts leaking with as low as 258 keystream output bytes. The leakage of information increases as more bytes are available and finally the complete S is recovered with 2~(11) bytes in around 2~(25) time complexity. The attack considers that "the deterministic index i at the point when j got stuck" and "the value at which j remains stuck" are unknown. Further, the study presents a nice combinatorial structure that is relevant to the fault analysis of RC4.
展开▼