
Cryptography

RC4 Stream Cipher

Prof. Dr. Raul Fernando Weber and Oscar Núñez Mori {weber,oscar}@inf.ufrgs.br

Institute of Informatics, UFRGS RS-Brazil

April 30, 2004

INDEX

Introduction

Secret Key Cryptosystem

Description

Source codes of RC4

RC4 uses OFB

Pro

Cons

Applications

References

Introduction

RC4 is a symmetric-key stream cipher. It was developed in 1987 by Ronald Rivest for RSA Data Security, Inc. [1][2].

RC4 stands for "Ron's Code 4" (Ron being Rivest), but the official RSA term is "Rivest Cipher 4".

Rivest also designed the block ciphers RC2 and RC5 and, with others, the block cipher RC6.

A cipher is a cryptographic algorithm used for encryption and decryption [1].

A symmetric key algorithm is an algorithm that uses the same key to encrypt and decrypt.

A stream cipher is an algorithm that encrypts data one byte at a time [1].

RC4 is essentially a pseudo random number generator (PRNG) with the output of the generator being XORed with the data stream to produce the encrypted data.

The encryption mechanism used to be a trade secret by RSA Data Security, until someone posted source code for an algorithm onto Usenet News, claiming it to be equivalent to RC4.

There is very strong evidence that the posted algorithm is indeed equivalent to RC4 [3].

1994: leaked to the cypherpunks mailing list. An alleged copy of the RC4 source code was published anonymously.

1995: first cryptanalysis (Usenet post).

1996: appeared in "Applied Cryptography" by B. Schneier as "alleged RC4" [5].

Secret Key Cryptosystem

[6]

Description

[7]

- RC4 is essentially a pseudo-random number generator initialized from a secret key of up to 256 bytes.

- The RC4 algorithm generates a "keystream" which is simply XORed with the plaintext to produce the ciphertext stream.

- Decryption is exactly the same as encryption.

- It uses 256 bytes of memory, S[0] through S[255], and integer variables, i, j, and k [4].

The RC4 algorithm consists of an initialization stage, which uses the key to initialize the pseudo-random number generator:

    for i = 0 to 255
        S[i] = i
    j = 0
    for i = 0 to 255
        j = (j + S[i] + key[i mod key_length]) mod 256
        swap(S[i], S[j])

Once the generator has been initialized, both encryption and decryption are performed using values output by the generation stage.

- The process of encryption and decryption is as follows:

    i = 0
    j = 0
    loop until the entire message is encrypted/decrypted
        i = (i + 1) mod 256
        j = (j + S[i]) mod 256
        swap(S[i], S[j])
        k = S[(S[i] + S[j]) mod 256]
        output the XOR of k with the next byte of input

Source codes of RC4

- Perl's Version: This was originally implemented by John Allen as a perl4 script [8]:

#!/usr/bin/perl -p INIT{sub Q{\$s[(\$_[0]+=\$_[1])%=256]}sub

/g;S\$y=map{S
255}s/\C/\$&^chr
Q S Q\$y,Q\$x/eg

S{@s[\$y,\$x++]=@s[\$x,\$y]}@k=pop=~/

Q\$y,\$_+hex\$k[\$x%@k]}@s=0

- RC4 Source Code: This optimized ARC4 implementation is based on the original Usenet post "RC4 Algorithm revealed" in sci.crypt (Sep. 1994). This implementation of the ARC4 algorithm by Christophe Devine has GNU General Public

- RC4 Stream Cipher Library 1.0 [10].

RC4 uses OFB

Output Feedback mode (OFB): A block cipher in output feedback mode works as a key stream generator, producing a pseudo-random key sequence a block at a time. By XOR-ing the key stream with the plaintext, the block cipher actually works as a stream cipher [6].

Pro

- The difficulty of knowing where any value is in the table [1].

- The difficulty of knowing which location in the table is used to select each value in the sequence [1].

- Encryption is about 10 times faster than DES [1].

- support of 8-bit architecture

- simplicity (to circumvent export regulations)

- It is ideal for software implementations, as it requires only byte-length manipulations

- According to Ilya Mironov [5], RC4 is the most widely used stream cipher in the world.

Cons

- The RC4 algorithm is vulnerable to analytic attacks of the state table.

- One in every 256 keys can be a weak key. These keys are identified by cryptanalysis that is able to find circumstances under which one or more generated bytes are strongly correlated with a few bytes of the key.

- As with all stream ciphers, RC4 is easily broken if the same key is used twice. This problem is usually solved by hashing the key with a unique initialization vector (IV) each time it is used, and sending the IV along with the message [4].

- It is strongly recommended that the first outputs of this PRNG be discarded and not used to encrypt messages (256 discards are recommended for maximum security). Failure to do so can expose messages to an attack in which the RC4 key can be exposed (see "Fluhrer, Mantin and Shamir Attack") [4].

- It is vulnerable to a brute force attack using current technology.

The United States government routinely approves RC4 with 40-bit keys for export. Keys this small can be easily broken by governments, criminals, and amateurs.

The exportable version of Netscape's Secure Socket Layer, which uses RC4-40, was broken by at least two independent groups. Breaking it took about eight days; in many universities or companies the same computing power is available to any computer science student [3].
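The initialization and generation stages from the Description, together with the key-reuse and discard-256 points from the Cons list, as an added Python example (not code from the original slides or from any implementation they cite). The HMAC-SHA-256 key derivation, the sample messages, the key and the IVs are constructed assumptions.

```python
import hashlib
import hmac

def ksa(key: bytes) -> list:
    """Initialization stage: key-dependent permutation of S[0..255]."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes")
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def rc4(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """Encrypt or decrypt (same operation), discarding `drop` keystream bytes first."""
    S, i, j, out = ksa(key), 0, 0, bytearray()
    for n in range(drop + len(data)):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        k = S[(S[i] + S[j]) % 256]
        if n >= drop:  # the first `drop` outputs are generated but never used
            out.append(data[n - drop] ^ k)
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def message_key(secret: bytes, iv: bytes) -> bytes:
    """Per-message key from secret and unique IV (HMAC-SHA-256 is an assumption)."""
    return hmac.new(secret, iv, hashlib.sha256).digest()

def demo() -> dict:
    # Constructed sample messages of equal length and a constructed key.
    p1, p2 = b"transfer 100 EUR", b"transfer 999 USD"
    secret = b"constructed-key"
    # Same key twice: the keystream cancels, so c1 XOR c2 == p1 XOR p2.
    c1, c2 = rc4(secret, p1), rc4(secret, p2)
    reused_leaks = xor(c1, c2) == xor(p1, p2)
    # Unique IV mixed into the key per message, first 256 outputs discarded.
    d1 = rc4(message_key(secret, b"iv-0001"), p1, drop=256)
    d2 = rc4(message_key(secret, b"iv-0002"), p2, drop=256)
    fixed_leaks = xor(d1, d2) == xor(p1, p2)
    return {"reused_leaks": reused_leaks, "fixed_leaks": fixed_leaks}

if __name__ == "__main__":
    assert rc4(b"Key", b"Plaintext").hex() == "bbf316e8d940af0ad3"
    print(demo())
```

The IV travels in the clear with each ciphertext; the receiver recomputes `message_key` from it before decrypting.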

Applications

RC4 is used in many applications, including:

- Browsers: Internet Explorer, Netscape, Mozilla, Opera, etc.,

- Commercial ssh,

- K Desktop Environment 3.1.0,

- WEP (Wired Equivalent Privacy) in IEEE 802.11 standard,

- TKIP (Temporal Key Integrity Protocol) also known as WEP2,

- TLS (Transport Layer Security),

- WPA (Wi-Fi Protected Access),

- Microsoft XBOX,

- Microsoft PPTP,

- Microsoft Office,

- Oracle SQL,

- Lotus Notes,

- Cellular Digital Packet Data,

- OpenBSD pseudo-random number generator, etc.

Browsers use RC4

KDE 3.1.0 uses RC4

Commercial SSH uses arcfour (RC4) [12]

WEP uses RC4 [6]

TKIP uses RC4 [11]

References

[1] http://www.ncat.edu/~grogans/algorithm_history_and_descriptio.htm

[2] http://www.wisdom.weizmann.ac.il/~itsik/RC4/rc4.html

[3] http://wombat.doc.ic.ac.uk/foldoc/foldoc.cgi?RC4

[4] http://en.wikipedia.org/wiki/RC4_cipher

[5] "Old and New Attacks on RC4" by Ilya Mironov. Applied Crypto, Stanford (ilya Mironov.ppt)

[6] "Symmetric Key Cryptography" by Prof. Dr. Andreas Steffen. 2000-2003 Zurcher Hochschule Winterthur. Sichere Netzwerkkommunikation (SNK). 10/10/2003. (SNK_Sym.ppt)

[7] "Wireless Security: Problems and Solutions" by William A. Arbaugh. In SANS 2002 Technical Conference Session 1-3. 2002. (1-3_Arbaugh.pdf)

[8]

[9]

[10] http://www.sevillaonline.com/ActiveX/vb5/RC4Lib.htm