WEKO3
アイテム
New Weakness in the Key-Scheduling Algorithm of RC4
https://nitech.repo.nii.ac.jp/records/5368
https://nitech.repo.nii.ac.jp/records/5368d8552427-933e-4190-b2d4-4b07a7acb081
| 名前 / ファイル | ライセンス | アクション |
|---|---|---|
本文_fulltext (317.0 kB)
|
Copyright(c)2008 IEICE http://search.ieice.org/index.html
|
| Item type | 学術雑誌論文 / Journal Article(1) | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 公開日 | 2013-06-25 | |||||||||||
| タイトル | ||||||||||||
| タイトル | New Weakness in the Key-Scheduling Algorithm of RC4 | |||||||||||
| 言語 | en | |||||||||||
| 言語 | ||||||||||||
| 言語 | eng | |||||||||||
| 資源タイプ | ||||||||||||
| 資源タイプ識別子 | http://purl.org/coar/resource_type/c_6501 | |||||||||||
| 資源タイプ | journal article | |||||||||||
| 著者 |
Ohigashi, Toshihiro
× Ohigashi, Toshihiro
× Shiraishi, Yoshiaki
× Morii, Masakatsu
|
|||||||||||
| 著者別名 | ||||||||||||
| 姓名 | 白石, 善明 | |||||||||||
| bibliographic_information |
en : IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences 巻 E91-A, 号 1, p. 3-11, 発行日 2008-01-01 |
|||||||||||
| 出版者 | ||||||||||||
| 出版者 | Institute of Electronics, Information and Communication Engineers | |||||||||||
| 言語 | en | |||||||||||
| ISSN | ||||||||||||
| 収録物識別子タイプ | ISSN | |||||||||||
| 収録物識別子 | 0916-8508 | |||||||||||
| item_10001_source_id_32 | ||||||||||||
| 収録物識別子タイプ | NCID | |||||||||||
| 収録物識別子 | AA10826239 | |||||||||||
| 出版タイプ | ||||||||||||
| 出版タイプ | VoR | |||||||||||
| 出版タイプResource | http://purl.org/coar/version/c_970fb48d4fbd8a85 | |||||||||||
| 内容記述 | ||||||||||||
| 内容記述タイプ | Other | |||||||||||
| 内容記述 | In a key scheduling algorithm (KSA) of stream ciphers, a secret key is expanded into a large initial state. An internal state reconstruction method is known as a general attack against stream ciphers; it recovers the initial state from a given pair of plaintext and ciphertext more efficiently than exhaustive key search. If the method succeeds, then it is desirable that the inverse of KSA is infeasible in order to avoid the leakage of the secret key information. This paper shows that it is easy to compute a secret key from an initial state of RC4. We propose a method to recover an -bit secret key from only the first bits of the initial state of RC4 using linear equations with the time complexity less than that of one execution of KSA. It can recover the secret keys of which number is 2103.6 when the size of the secret key is 128 bits. That is, the 128-bit secret key can be recovered with a high probability when the first 128 bits of the initial state are determined using the internal state reconstruction method. | |||||||||||
| 言語 | en | |||||||||||
