Stream Cipher and RC4 algorithm

Stream Cipher
A typical stream cipher encrypts plaintext one byte at a time, although a stream cipher may be
designed to operate on one bit at a time or on units larger than a byte at a time.

The above figure is a representative diagram of stream cipher structure. In this structure a key
is input to a pseudorandom bit generator that produces a stream of 8-bit numbers that are
apparently random.
• A pseudorandom stream is one that is unpredictable without knowledge of the input key.
The output of the generator, called a keystream, is combined one byte at a time with
the plaintext stream using the bitwise exclusive-OR (XOR) operation.
• For example, if the next byte generated by the generator is 01101100 and the next
plaintext byte is 11001100, then the resulting ciphertext byte is 10100000.

Important design considerations for a stream cipher

• The encryption sequence should have a large period. A pseudorandom number

generator uses a function that produces a deterministic stream of bits that
eventually repeats. The longer the period of repeat the more difficult it will be to do
cryptanalysis.
• The keystream should approximate the properties of a true random number stream
as close as possible.
• To guard against brute-force attacks, the key needs to be sufficiently long.
.
RC4 algorithm
• RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security.
• It is a variable key-size stream cipher with byte-oriented operations.
• The algorithm is based on the use of a random permutation.
• RC4 is used in the SSL/TLS (Secure Sockets Layer/Transport Layer Security)
standards that have been defined for communication between Web browsers and
• servers.
• It is also used in the WEP (Wired Equivalent Privacy) protocol and the newer WiFi
Protected Access (WPA) protocol that are part of the IEEE 802.11 wireless LAN
standard.
• A variable-length key of from 1 to 256 bytes (8 to 2048 bits) is used to initialize a
256-byte state vector S, with elements S[0], S[1],..., S[255].
• At all times, S contains a permutation of all 8-bit numbers from 0 through 255.
• As each value of k is generated, the entries in S are once again permuted.

Initialization of S

• To begin, the entries of S are set equal to the values from 0 through 255 in
ascending order; that is; S [0] = 0, S[1] = 1,..., S[255] = 255.
• A temporary vector, T, is also created. If the length of the key K is 256 bytes,
then K is transferred to T.
• Otherwise, for a key of length keylen bytes, the first keylen elements of T are
copied from K and then K is repeated as many times as necessary to fill out T.

These preliminary operations can be summarized as follows:

/* Initialization */
for i = 0 to 255 do
S[i] = i;
T[i] = K[i mod keylen];

Next we use T to produce the initial permutation of S. This involves starting with S[0]
and going through to S[255], and, for each S[i], swapping S[i] with another byte in S
according to a scheme dictated by T[i]:

/* Initial Permutation of S */
j = 0;
for i = 0 to 255 do
j = (j + S[i] + T[i]) mod 256;
Swap (S[i], S[j]);

Because the only operation on S is a swap, the only effect is a permutation. S still
contains all the numbers from 0 through 255.

Stream Generation
Once the S vector is initialized, the input key is no longer used. Stream generation
involves cycling hrough all the elements of S[i], and, for each S[i], swapping S[i] with
another byte in S according to a scheme dictated by the current configuration of S. After
S[255] is reached, the process continues, starting over again at S[0]:
/* Stream Generation */
i, j = 0;
while (true)
i = (i + 1) mod 256;
j = (j + S[i]) mod 256;
Swap (S[i], S[j]);
t = (S[i] + S[j]) mod 256;
k = S[t];

To encrypt, XOR the value k with the next byte of plaintext. To decrypt, XOR the value k
with the next byte of ciphertext.
The below diagram depicts overall RC4 logic