BCSE309L – Cryptography and Network

Security
Stream Cipher

2
Stream Cipher

3
Stream Cipher

4
 Stream Cipher

• Process message bit by bit (as a stream)

• Have a pseudo random keystream
• Combined (XOR) with plaintext bit by bit
• Randomness of stream key completely destroys statistical
properties in message
– Ci = mi XOR streamkeyi
• But must never reuse stream key
– Otherwise can recover messages

5
 Stream Cipher
Design considerations are:
– Long period with no repetitions
– Statistically random
– Depends on large enough key
– Large linear complexity
•Properly designed, can be as secure as a block cipher with
same size key
•but usually simpler & faster

6
RC4

7
 RC4
• RC4 means Rivest Cipher 4 invented by Ron Rivest in 1987 for
RSA Security.
• It is a Stream Ciphers. Stream Ciphers operate on a stream of data
byte by byte.
• RC4 stream cipher is one of the most widely used stream ciphers
because of its simplicity and speed of operation.
• It is a variable key-size stream cipher with byte-oriented
operations.
• It uses either 64 bit or 128-bit key sizes.
• It is generally used in applications such as Secure Socket Layer
(SSL), Transport Layer Security (TLS), and also used in IEEE
802.11 wireless LAN std
8
 RC4
• RC4 is a stream cipher and variable-length key
algorithm.
• This algorithm encrypts one byte at a time (or larger
units at a time).
• A key input is a pseudorandom bit generator that
produces a stream 8-bit number that is unpredictable
without knowledge of input key, The output of the
generator is called key-stream, is combined one byte
at a time with the plaintext stream cipher using X-OR
operation
9
RC4

10
RC4

11
 RC4

Design consideration for stream cipher

12
 RC4
• RC4 is a byte-oriented stream cipher in which a byte (8 bits) of a
plaintext is exclusive-ored with a byte of key to produce a byte of a
ciphertext.
• The secret key, from which the one-byte keys in the key stream are
generated, can contain anywhere from 1 to 256 bytes.
• RC4 is based on the concept of a state. At each moment, a state of
256 bytes is active, from which one of the bytes is randomly
selected to serve as the key for encryption.
• The idea can be shown as an array of bytes:
• S[0] S[1] S[2] … S[255]
• Note that the indices of the elements range between 0 and 255. The
contents of each element is also a byte (8 bits) that can be
interpreted as an integer between 0 to 255.
13
RC4

14
 RC4
1. Initialization of S and T
2. Initial permutation of S with respect to T
3. Stream Generation
4. Encryption
5. Decryption

15
 RC4
1. Initialization of S and T
– In the first step, the state ‘S’ is initialized to values
0, 1, …, 255.
– A key array, T[0], T[1], …, T[255] is also created.
– If the secret key has exactly 256 bytes, the bytes
are copied to the T array; otherwise, the bytes are
repeated until the T array is filled.

16
 RC4
(Assume 3 bits & 8 entries - Actually in RC4  8 bits, 256 entries)

S=[0 1 2 3 4 5 6 7 ]
K=[1 2 3 6] // May range from 1 to 256 bytes. Here 4 bytes
PLAIN= [1 2 2 2 ]
Size of T should be equal to size of S
Size of S = 8.
So copy K into T till T size reaches to 8.
T=[1 2 3 6 1 2 3 6 ]

Initialization
for i = 0 to 7 do
S[i] = i;
T[i] = K[i mod keylen];
17
 RC4
2. Initial permutation of S with respect to T
• In the second step, the initialized state goes through a
permutation (swapping the elements) based on the
value of bytes in T[i].
• The key byte is used only in this step to define which
elements are to be swapped. After this step, the state
bytes are completely shuffled.

18
 RC4
Initial permutation of S with respect to T
j = 0;
S=[0,1,2,3,4,5,6,7]
T=[1,2,3,6,1,2,3,6]
for i = 0 to 7 do
j = (j + S[i] + T[i]) (mod 8)
swap (S[i], S[j])

• Repeat the steps until ‘i’ value reaches the 7th iteration
• After updating the state vector, every time, ‘i’ value will be
incremented by 1.
• But, ‘j’ value should not be incremented, every iteration, the last
‘j’ value will be used.
19
 RC4
j = 0;
J=0 S=[0,1,2,3,4,5,6,7]
T=[1,2,3,6,1,2,3,6]
i=0 for i = 0 to 7 do
j=(0+S[0]+T[0]) mod 8 j = (j + S[i] + T[i]) (mod 8)
= (0+0+1) mod 8 swap (S[i], S[j])
=1 mod 8
j=1 S=[0, 1, 2, 3, 4, 5, 6, 7]
swap(S[0],S[1])
T=[1, 2, 3, 6, 1, 2, 3, 6]
S=[0, 1, 2, 3, 4, 5, 6, 7]
0, 1, 2, 3, 4, 5, 6, 7
After swap S=[1, 0, 2, 3, 4, 5, 6, 7]
i=1 0, 1, 2, 3, 4, 5, 6, 7
j=(1+S[1]+T[1]) mod 8
=(1+0+2) mod 8
j =3
swap(S[1],S[3])
S=[1, 0, 2, 3, 4, 5, 6, 7]
20
After swap S=[1, 3, 2, 0, 4, 5, 6, 7]
 RC4
3. Stream Generation
• The keys in the key stream, the t’s, are generated, one by one.
• First, the state is permuted based on the values of state elements and
the values of two individual variables, i and j.
• Second, the values of two state elements in positions i and j are used
to define the index of the state element that serves as t.
• The following code is repeated for each byte of the plaintext to create
a new key element in the key stream.
• The variables i and j are initialized to 0 before the first iteration, but
the values are copied from one iteration to the next.

21
 RC4

S=
0 1 2 3 4 5 6 7
i=0
J=0
i=(0+1)mod 8 = 1 mod 8 = 1
j=(0+ s[1] )mod 8 = (0+3) mod 8 = 3
Swap(S[1],S[3])

 S= [ 2, 4, 7, 3, 6, 0, 1, 5 ]
0 1 2 3 4 5 6 7

t= (S[1]+S[3]) mod 8 = (4+3) mod 8 = 7

K=S[7] = 5

K=5 22
 RC4
4. Encryption
• After T has been created, the plaintext byte is encrypted with T to
create the ciphertext byte.
Ciphettext= Plaintext XOR Key

Iteration-1 Iteration-2
PLAIN= [1 2 2 2 ] PLAIN= [1 2 2 2 ]
PLAIN= [001 010 010 010 010 ]
PLAIN= [001 010 010 010 010 ]
K=?  ???
K=5  101

Ciphettext= Plaintext XOR Key 1  001 Ciphettext= Plaintext XOR Key

= 1 XOR 5 5  101 = 2 XOR K
XOR 100
=4 4
K=?
23
 RC4
S= [ 2, 4, 7, 3, 6, 0, 1, 5 ]
0 1 2 3 4 5 6 7

i=1
j=3
i=(1+1)mod 8 = 2 mod 8 = 2
j=(3+ S[2] )mod 8 = (3+7) mod 8 = 2
Swap(S[2],S[2]) Iteration-2
PLAIN= [1 2 2 2 ]
PLAIN= [001 010 010 010 010 ]
K=1  001

Ciphettext= Plaintext XOR Key

t= (S[2]+S[2]) mod 8 = (14) mod 8 = 6 = 2 XOR 1
K=S[6] = 1
2  010
=3 1  001
K=1 XOR 011
3 24
 RC4

Iteration-3
PLAIN= [1 2 2 2 ]
PLAIN= [001 010 010 010 010 ]
K=?  ???

Ciphettext= Plaintext XOR Key

= 2 XOR K

K=?
25
 RC4
S= [ 2, 4, 7, 3, 6, 0, 1, 5 ]
0 1 2 3 4 5 6 7

i=1
j=2
i=(2+1)mod 8 = 3 mod 8 = 3
j=(2+ S[3] )mod 8 = (2+3) mod 8 = 5
Swap(S[3],S[5]) Iteration-3
PLAIN= [1 2 2 2 ]
S= [ 2, 4, 7, 0, 6, 3, 1, 5 ] PLAIN= [001 010 010 010 010 ]
K=1  000
0 1 2 3 4 5 6 7
Ciphettext= Plaintext XOR Key
t= (S[3]+S[5]) mod 8 = (0+3) mod 8 = 3 = 2 XOR 0
K=S[3] = 0
= 2 2  010
0  000
K=0 XOR 010
2
 RC4

Iteration-4
PLAIN= [1 2 2 2 ]
PLAIN= [001 010 010 010 010 ]
K=?  ???

Ciphettext= Plaintext XOR Key

= 2 XOR K

K=?
27
 RC4
S= [ 2, 4, 7, 0, 6, 3, 1, 5 ]
0 1 2 3 4 5 6 7

i=3
j=5
i=(3+1)mod 8 = 4 mod 8 = 4
j=(5+ S[4] )mod 8 = (5+6) mod 8 = 3
Swap(S[4],S[3]) Iteration-3
PLAIN= [1 2 2 2 ]
S= [ 2, 4, 7, 6, 0, 3, 1, 5 ] PLAIN= [001 010 010 010 010 ]
K=1  001
0 1 2 3 4 5 6 7
Ciphettext= Plaintext XOR Key
t= (S[4]+S[3]) mod 8 = (0+6) mod 8 = 6 = 2 XOR 1
K=S[6] = 1
= 3 2  010
1  001
K=0 XOR 011
3
RC4

Plaintext = [1 2 2 2 ]
K=[5 1 0 1]
Ciphertext = [ 4 3 2 3 ]

29
 RC4
5. Decryption
Decryption is the reverse process.
K=[5 1 0 1]
plaintext= ciphertext XOR Key
Ciphertext = [ 4 3 2 3 ]
C3  011
K1  001 Ciphertext = [ 4 3 2 3 ]
PXOR  010
2
K=[5 1 0 1]

C2  010
K0  000 Ciphertext = [ 4 3 2 3 ]
PXOR  010
2 K=[5 1 0 1]
 011
C3
K1  001 Ciphertext = [ 4 3 2 3 ] Plaintext = [1 2 2 2 ]
PXOR  010
2
K=[5 1 0 1]

C4  100
K5  101 Ciphertext = [ 4 3 2 3 ]
PXOR  001
1
K=[5 1 0 1]
30
 RC4

Initialization
for i = 0 to 255 do
S[i] = i;
T[i] = K[i mod keylen];

Initial permutation of S
j = 0;
for i = 0 to 255 do
j = (j + S[i] + T[i]) (mod 256)
swap (S[i], S[j])

31
 RC4
• Stream Generation
i,j = 0;
while (true)
i= (i + 1) mod 8
j= (j + S[i]) mod 8
swap(S[i], S[j])
t = (S[i] + S[j]) mod 8
K = S[t];

32
 RC4

• To encrypt , XOR the value k with the next byte of plain

text.
• To decrypt , XOR the value k with the next byte of
cipher text

33
RC4 Overview

34