Settling the mystery of Z<inf>r</inf> = r in RC4

In this paper, using a matrix, at first we revisit the work of Mantin on finding the probability distribution of the RC4 permutation after the completion of the KSA. After that, we extend the same idea to analyse the probabilities during any iteration of the Pseudo Random Generation Algorithm. Next, we study the bias of Zr = r (where Zr is the r-th output keystream byte), which is one of the significant biases observed in the RC4 output keystream. This bias has played an important role in the plaintext recovery attack proposed by Isobe et al. in FSE 2013. However, the accurate theoretical explanation of the bias of Zr = r is still a mystery. Though several attempts have been made to prove this bias, none of those provides an accurate justification. Here, using the results found with the help of the probability transition matrix we justify this bias of Zr = r accurately and settle this issue. The bias obtained from our proof matches the experimental observations perfectly.