We published a first plaintext recovery attack on RC4 in the broadcast setting, where the same plaintext is encrypted by different user keys, at FSE 2013 (earlier than the AlFardan-Bernstein-Paterson-Poettering-Schuldt results).
Takanori ISOBE, Toshihiro OHIGASHI, Yuhei WATANABE, and Masakatu MORII, "Full Plaintext Recovery Attack on Broadcast RC4," Proc. the 20th International Workshop on Fast Software Encryption (FSE 2013), Mar. 10-13, 2013. (Submission deadline: November 12, 2012)
A summary of the results of our paper is as follows:
- Our attack can recover ANY byte of the first 257 bytes of the plaintext by using around 2^32 ciphertexts.
- Our attack can also recover later bytes (after 258 bytes) by using 2^34 ciphertexts.
In addition, we give theoretical reasons why the first 255 bytes of the keystream have such strong biases.