Summary: | This paper presents a criterion, based on information theory, to measure the average amount of information that the output sequences of RC4 provide about its internal state. The test statistic used is the sum of the maximum plausible estimates of the entropies $H(j_t \mid z_t)$, corresponding to the probability distributions $P(j_t \mid z_t)$ of the sequences of random variables $(j_t)_{t \in T}$ and $(z_t)_{t \in T}$, which are independent but not identically distributed, where $z_t$ are the known values of the outputs, while $j_t$ is one of the unknown elements of the internal state of RC4.
It is experimentally demonstrated that the test statistic makes it possible to determine the most vulnerable RC4 outputs, and it is proposed as a vulnerability metric for each RC4 output sequence with respect to the iterative probabilistic attack.
|