{"title":"Previously overlooked bias signatures for RC4","authors":"M. Hammood, K. Yoshigoe","doi":"10.1109/ISDFS.2016.7473526","DOIUrl":null,"url":null,"abstract":"Recent findings suggest that known short-term and long-term biases for RC4 can be practically exploited to capture an extended part of the Internet traffic relying on Transport Layer Security (TLS) with the RC4 cipher. While RC4 is no longer a dominant cipher on the Internet, the research community continues to explore its characteristics and even to propose derivatives of it. To the best of our knowledge, no prior work has correctly verified the set of well-known Fluhrer-McGrew biases. We set out to validate the correctness of these biases experimentally, and in doing so uncovered two additional biases. Furthermore, our experiment successfully produced and generalized a set of non-consecutive byte biases from the RC4 keystream. Finally, we captured bias signatures for several well-known RC4 variants.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"342 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ISDFS.2016.7473526","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
Recent findings suggest that known short-term and long-term biases for RC4 can be practically exploited to capture an extended part of the Internet traffic relying on Transport Layer Security (TLS) with the RC4 cipher. While RC4 is no longer a dominant cipher on the Internet, the research community continues to explore its characteristics and even to propose derivatives of it. To the best of our knowledge, no prior work has correctly verified the set of well-known Fluhrer-McGrew biases. We set out to validate the correctness of these biases experimentally, and in doing so uncovered two additional biases. Furthermore, our experiment successfully produced and generalized a set of non-consecutive byte biases from the RC4 keystream. Finally, we captured bias signatures for several well-known RC4 variants.