RC4 Encryption Algorithm

What is RC4 Encryption?

RC4 means Rivest Cipher 4 invented by Ron Rivest in 1987 for RSA Security. It
is a Stream Ciphers. Stream Ciphers operate on a stream of data byte by byte.
RC4 stream cipher is one of the most widely used stream ciphers because of its
simplicity and speed of operation. It is a variable key-size stream cipher with
byte-oriented operations. It uses either 64 bit or 128-bit key sizes. It is generally
used in applications such as Secure Socket Layer (SSL), Transport Layer Security
(TLS), and also used in IEEE 802.11 wireless LAN std.

Why Encryption Is Important?

Unauthorized data access can be prevented by encryption. If we perform
encryption then third parties can not have access to data which we share or
receive. The encryption is done by using a secret key, or we can say that by using
a public key and private key. Both sender and receiver are having their public key
and private key through which encryption of plain text and decryption of
ciphertext is performed.
RC4 is a stream cipher and variable-length key algorithm. This algorithm
encrypts one byte at a time (or larger units at a time). A key input is a
pseudorandom bit generator that produces a stream 8-bit number that is
unpredictable without knowledge of input key, The output of the generator is
called key-stream, is combined one byte at a time with the plaintext stream cipher
using X-OR operation.

Example:
RC4 Encryption:
10011000? 01010000=11001000

RC4Decryption
11001000? 01010000 = 10011000
Key-Generation Algorithm –

The algorithm operates on a user-selected variable-length key(K) of 1 to 256

bytes (8 to 2048 bits), typically between 5 and 16 bytes. To generate a 256-byte
state vector S, the master key is used.

The first step is the array initialization. It is a character array of size 256 i.e.
S[256]. After that, for every element of the array, we initialize S[i] to i.

Code for array initialization:

Char S[256];
int i;
for(i=0;i<256;i++)
S[i] = i
The array will look like -
S[] = {0, 1, 2, 3, ------, 254, 255}

Key-Scheduling Algorithm(KSA):

KSA is going to use the secret key to scramble this array. KSA is a simple loop,
in which we are having two variable i and j. We are using these variables to
rearrange the array. Rearranging the array is done by using a secret key.
Code for KSA (Key Scheduling Algorithm ) :
int i, j=0;
for(i=0;i<256;i++)
{
j=( j + S[i] + T[i]) mod 256;
Swap(S[i], S[j]);
}
KSA has been scrambled, S[256] array is used to generate the Pseudo random
generation algorithm (Stream Generation)
Pseudo random generation algorithm (Stream Generation):
PRGA is the actual Keystream. Once the vector S is initialized, the input key
will not be used. In this step, for each S[i] algorithm swap it with another byte in
S according to a scheme dictated by the current configuration of S. After reaching
S[255] the process continues, starting from S[0] again

Code for PRGA (Pseudo Random Generation Algorithm):

i=j=0;
while(true)
{
i = ( i + 1 ) mod 256;
j = ( j + S[i] ) mod 256;
Swap( S[i], S[j] );
t = ( S[i] + S[j] ) mod 256 ;
k = S[t];
}

RC4 Block Diagram

Encrypt using X-Or():

Working of RC4:

Encryption Procedure
1. The user inputs a plain text file and a secret key.
2. The encryption engine then generates the keystream by using KSA and PRGA
Algorithm.
3. This keystream is now XOR with the plain text, this XORing is done byte by
byte to produce the encrypted text.
4. The encrypted text is then sent to the intended receiver, the intended receiver
will then decrypted the text and after decryption, the receiver will get the
original plain text.

Decryption Procedure
Decryption is achieved by doing the same byte-wise X-OR operation on the
Ciphertext.
Example: Let A be the plain text and B be the keystream (A xor B) xor B = A
Features of the RC4 encryption algorithm:

1. Symmetric key algorithm: RC4 is a symmetric key encryption algorithm,

which means that the same key is used for encryption and decryption.

2. Stream cipher algorithm: RC4 is a stream cipher algorithm, which means

that it encrypts and decrypts data one byte at a time. It generates a key stream
of pseudorandom bits that are XORed with the plaintext to produce the
ciphertext.

3. Variable key size: RC4 supports variable key sizes, from 40 bits to 2048 bits,
making it flexible for different security requirements.

4. Fast and efficient: RC4 is a fast and efficient encryption algorithm that is
suitable for low-power devices and applications that require high-speed data
transmission.

5. Widely used: RC4 has been widely used in various applications, including
wireless networks, secure sockets layer (SSL), virtual private networks (VPN),
and file encryption.

6. Vulnerabilities: RC4 has several vulnerabilities, including a bias in the first

few bytes of the keystream, which can be exploited to recover the key. As a
result, RC4 is no longer recommended for use in new applications.

Advantages:

1. Fast and efficient: RC4 is a very fast and efficient encryption algorithm,
which makes it suitable for use in applications where speed and efficiency are
critical.

2. Simple to implement: RC4 is a relatively simple algorithm to implement,

which means that it can be easily implemented in software or hardware.
3. Variable key size: RC4 supports variable key sizes, which makes it flexible
and adaptable for different security requirements.

4. Widely used: RC4 has been widely used in various applications, including
wireless networks, secure sockets layer (SSL), virtual private networks (VPN),
and file encryption.

5. RC4 stream ciphers are simple to use.

6. The speed of operation in RC4 is fast as compared to other ciphers.

7. RC4 stream ciphers are strong in coding and easy to implement.

8. RC4 stream ciphers do not require more memory.

9. RC4 stream ciphers are implemented on large streams of data.

Disadvantages:

1. Vulnerabilities: RC4 has several known vulnerabilities that make it

unsuitable for new applications. For example, there is a bias in the first few
bytes of the keystream, which can be exploited to recover the key.

2. Security weaknesses: RC4 has some inherent weaknesses in its design, which
make it less secure than other encryption algorithms, such as AES .

3. Limited key length: The maximum key length for RC4 is 2048 bits, which
may not be sufficient for some applications that require stronger encryption.

4. Not recommended for new applications: Due to its vulnerabilities and

weaknesses, RC4 is no longer recommended for use in new applications.
Other more secure stream cipher algorithms, such as AES-CTR or ChaCha20,
should be used instead.

5. If RC4 is not used with strong MAC then encryption is vulnerable to a bit-
flipping attack.
6. RC4 stream ciphers do not provide authentication.

7. RC4 algorithm requires additional analysis before including new systems.

8. RC4 stream ciphers cannot be implemented on small streams of data.

9. RC4 fails to discard the beginning of output keystream or fails to use non-
random or related keys for the algorithm.

Applications of RC4:

RC4 is used in various applications such as WEP from 1997 and WPA from
2003. We also find applications of RC4 in SSL from 1995 and it is a successor of
TLS from 1999. RC4 is used in varied applications because of its simplicity,
speed, and simplified implementation in both software and hardware.

Types of RC4

There are various types of RC4 such as Spritz, RC4A, VMPC, and RC4A.
1. SPRITZ: Spritz can be used to build a cryptographic hash function, a
deterministic random bit generator (DRBG), n an encryption algorithm that
supports authenticated encryption with associated data (AEAD).

2. RC4A: Souraduyti Paul and Bart Preneel have proposed an RC4 variant,
which they call RC4A, which is stronger than RC4.
3. VMPC: VMPC is another variant of RC4 which stands for Variably Modified
Permutation Composition.

4. RC4A+: RC4A+ is a modified version of RC4 with a more complex three-

phase key schedule which takes about three times as long as RC4 and a more
complex output function which performs four additional lookups in the S array
for each byte output, taking approximately 1.7 times as long as basic RC4.