Abstract
RC4 is a stream cipher that makes use of aninternal state table, S, which represents a permutation overZ_{2^{8}} . GGHN is a relatively more efficient stream cipher whose design is inspired from RC4 but whose S table, however, does not represent a permutation over Z_{2^m}. In this paper, we point out one challenging aspect of the latter design principle. In particular, we assess GGHN-like algorithms with respect to weak states, in which all internal state words and output elements are even. Once GGHN is absorbed in a weak state, the least significant bit of the plaintext words will be revealed only by looking at the ciphertext. By modelling the algorithm by a Markov chain and calculating chain's absorption time, we show that the average number of steps required by these algorithms to enter this weak state can be lower than expected at first glance and hence caution should be exercised when estimating this number.