Des. Codes Cryptogr. (2008) 49:123–134 DOI 10.1007/s10623-008-9177-7 On non-negligible bias of the first output byte of RC4 towards the first three bytes of the secret key Goutam Paul · Siddheshwar Rathi · Subhamoy Maitra Received: 30 May 2007 / Revised: 29 November 2007 / Accepted: 5 December 2007 / Published online: 8 April 2008 © Springer Science+Business Media, LLC 2008 Abstract In this paper, we show that the first byte of the keystream output of RC4 has non-negligible bias towards the sum of the first three bytes of the secret key. This result is based on our observation that the index, where the first byte of the keystream output is chosen from, is approximately twice more likely to be 2 than any other value. Our technique is further used to theoretically prove Roos’s experimental observation (A class of weak keys in the RC4 stream cipher, 1995) related to weak keys. Keywords Bias · Cryptanalysis · Keystream · Permutation · RC4 · Stream cipher AMS Classification 94A60 1 Introduction RC4 is one of the most popular stream ciphers in cryptologic literature and it has wide appli- cations in industry till date. This cipher has been analyzed for more than a decade in open This is a revised and extended version of the paper that has been presented in International Workshop on Coding and Cryptography, April 16–20, 2007 (WCC 2007), Versailles, France. Siddheshwar Rathi was a researcher at Applied Statistics Unit, Indian Statistical Institute, Kolkata. We were shocked by his sudden demise on October 28, 2006. Siddheshwar had observed and proved Theorem 2. However, we, the other two co-authors, noted the consequence of this theorem at a later date. In fact, we were attracted towards the analysis of RC4 due to Siddheshwar’s enthusiasm. Unfortunately, Siddheshwar could not see this paper published. G. Paul Department of Computer Science and Engineering, Jadavpur University, Kolkata 700 032, India e-mail: goutam_paul@cse.jdvu.ac.in S. Rathi Kolkata, India S. Maitra (B ) Applied Statistics Unit, Indian Statistical Institute, Kolkata 700 108, India e-mail: subho@isical.ac.in 123