Information Theory Based Evaluation of the RC4 Stream Cipher Outputs

This paper presents a criterion, based on information theory, to measure the amount of average information provided by the sequences of outputs of the RC4 on the internal state. The test statistic used is the sum of the maximum plausible estimates of the entropies H(j(t)vertical bar z(t)), corresponding to the probability distributions P(j(t)vertical bar z(t)) of the sequences of random variables (j(t))(t is an element of)(T) and (z(t))(t is an element of T), independent, but not identically distributed, where zt are the known values of the outputs, while jt is one of the unknown elements of the internal state of the RC4. It is experimentally demonstrated that the test statistic allows for determining the most vulnerable RC4 outputs, and it is proposed to be used as a vulnerability metric for each RC4 output sequence concerning the iterative probabilistic attack.