
BITS F463

CRYPTOGRAPHY
2nd sem 2024-2025
Lecture 11
Stream Ciphers

BITS Pilani, Hyderabad Campus


Stream Ciphers
• process message bit by bit (as a stream)
• pseudo random keystream
• combined (XOR) with plaintext bit by bit
• randomness of stream key completely destroys
statistical properties in message
– Ci = Mi XOR StreamKeyi
• But we must never reuse stream key
– otherwise attacker can recover messages



Random numbers &
pseudo random numbers
❖ The difference is in the statistical properties of a stream of numbers. A good
pseudo-random number generator (PRNG) gives you a fast way to generate
a stream of numbers that looks similar enough to a truly random stream in
many statistical tests.
❖ Usually, PRNGs are actually deterministic and their outputs are periodic, but
the period is so huge you'll never notice. For example, the most common
version of the Mersenne twister PRNG has a period length of 2^19937−1.
❖ Pseudo random numbers are generated by computers using an algorithm
(there are many) and a seed (either chosen by the user or, sometimes,
clock time). They are not strictly random as, if you start with the same seed
and same algorithm, you will get the same numbers



Stream Ciphers and random keys
• process message bit by bit (as a stream)
• have a pseudo random keystream
• combined (XOR) with plaintext bit by bit
• randomness of stream key completely destroys
statistical properties in message
– Ci = Mi XOR StreamKeyi
• but must never reuse stream key
– otherwise one can recover messages



Stream Cipher Structure



Evolution of RC4

➢ RC4 is a stream cipher designed in 1987 by Ron Rivest for RSA Security. It
is a variable key-size stream cipher with byte-oriented operations. The
algorithm is based on the use of a random permutation
➢ Analysis shows that the period of the cipher is overwhelmingly likely to be greater
than 10^100. Eight to sixteen machine operations are required per output byte, and
the cipher can be expected to run very quickly in software
➢ RC4 is probably the most widely used stream cipher. It is used in the SSL/TLS
secure web protocol, & in the WEP (Wired Equivalent Privacy) & WPA (WiFi
Protected Access) wireless LAN security protocols
➢ RC4 was kept as a trade secret by RSA Security, but in September 1994 it was
anonymously posted on the Internet on the Cypherpunks anonymous remailers list.
➢ The RC4 key is used to form a random permutation of all 8-bit values; the
cipher then uses that permutation to scramble input info processed a byte at
a time



RC4
• a proprietary cipher owned by RSA DSI
• another Ron Rivest design, simple but effective
• variable key size, byte-oriented stream cipher
• widely used (web SSL/TLS, wireless WEP)
• key forms random permutation of all 8-bit values
• uses that permutation to scramble input info
processed a byte at a time



RC4 – Some basic statistics

Designers: Ron Rivest (RSA Security)
First published: Leaked in 1994 (designed in 1987)

Cipher detail
Key sizes: 8–2048 bits (1–256 bytes)
State size: 2064 bits (1684 effective)
Rounds: 1


Key schedule of RC4

❖ The RC4 key schedule initialises the state S to the
numbers 0..255, and then walks through each entry in
turn, using its current value plus the next byte of key to
pick another entry in the array, and swaps their values
over
❖ After doing this 256 times, the result is a well and truly
shuffled array
❖ The total number of possible states is 256! - a truly
enormous number, much larger even than the 2048-bit
(256*8) max key allowed can select.



RC4 Key Schedule
• starts with an array S of numbers 0..255; the key is used to well and truly shuffle it; S forms the initial
state of the cipher
/* Initialization */
// K is the variable-length key of 1-256 bytes; keylen is its length in bytes
for i = 0 to 255 do
    S[i] = i
    T[i] = K[i mod keylen]
/* Initial Permutation of S */
j = 0
for i = 0 to 255 do
    j = (j + S[i] + T[i]) (mod 256)
    swap (S[i], S[j])


Initialization
➢ To begin, the entries of S are set equal to the values from
0 through 255 in ascending order;
➢ S[0] = 0, S[1] = 1, …, S[255] = 255. A temporary vector, T, is
also created.
➢ If the length of the key K is 256 bytes, then K is transferred
to T.
➢ Otherwise, for a key of length keylen bytes, the first keylen
elements of T are copied from K, and then K is repeated
as many times as necessary to fill out T.



Initial permutation of S

➢ Now, we use T to produce the initial permutation of S
➢ This involves starting with S[0] and going through to
S[255], and for each S[i], swapping S[i] with another byte
in S according to a scheme dictated by T[i]
➢ Because the only operation on S is a swap, the only
effect is a permutation
➢ S still contains all the numbers from 0 through 255



RC4 Encryption
• encryption continues shuffling array values
• sum of shuffled pair selects "stream key" value
from permutation
• XOR S[t] with next byte of message to
en/decrypt
/* Stream Generation */
i = j = 0
for each message byte Mi
    i = (i + 1) (mod 256)
    j = (j + S[i]) (mod 256)
    swap(S[i], S[j])
    t = (S[i] + S[j]) (mod 256)
    Ci = Mi XOR S[t]    // S[t] is the keystream byte k


Stream generation

➢ Once the S vector is initialized, the input key is no longer
used
➢ Stream generation involves cycling through all the elements
of S[i], and for each S[i], swapping S[i] with another byte in S
according to a scheme dictated by the current configuration
of S
➢ After S[255] is reached, the process continues, starting over
again at S[0]
➢ To encrypt, XOR the value k with the next byte of plaintext
➢ To decrypt, XOR the value k with the next byte of ciphertext



RC4 Logic



Security using RC4

➢ A lot of publications analyze methods of attacking RC4, but
none of these approaches is practical against RC4 with a
reasonable key length, such as 128 bits
➢ A more serious problem is in its use in the WEP protocol, not
with RC4 itself but the way in which keys are generated for
use as input to RC4
➢ Currently RC4 is regarded as quite secure, if used
correctly, with a sufficiently large key



RC4 Security
• claimed secure against known attacks
– have some analyses, none practical
• result is very non-linear
• since RC4 is a stream cipher, we must never
reuse a key
• There is concern with WEP, but due to key
handling rather than RC4 itself
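
The key schedule and stream generation from the slides above, written out as an added Python example (not part of the original lecture) and followed by what the "never reuse a key" rule protects against. The function names, keys and messages are constructed for illustration.

```python
# Added example: RC4 as described on the slides, plus a key-reuse demonstration.
# All keys and messages below are constructed sample values.

def rc4_ksa(key: bytes) -> list:
    """Key schedule: shuffle S = 0..255 under control of the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):
        # T[i] from the slides is simply key[i mod keylen]
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def rc4_keystream(key: bytes):
    """Stream generation: yield one keystream byte k per step."""
    S = rc4_ksa(key)
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR each byte with the next keystream byte."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key)))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def recover_with_known_plaintext(c_known, m_known, c_other):
    """Same key used twice: C1 XOR M1 is the keystream, which decrypts C2."""
    return xor_bytes(xor_bytes(c_known, m_known), c_other)

if __name__ == "__main__":
    key = b"constructed-key"
    m1 = b"PAY 100 TO ALICE"
    m2 = b"PAY 900 TO CAROL"
    c1, c2 = rc4_crypt(key, m1), rc4_crypt(key, m2)
    # The keystream cancels out: C1 XOR C2 == M1 XOR M2, with no key involved.
    print(xor_bytes(c1, c2) == xor_bytes(m1, m2))
    print(recover_with_known_plaintext(c1, m1, c2))
```

Because the keystream depends only on the key, two messages encrypted under the same key share it byte for byte, which is why protocols that use a stream cipher must derive a fresh key (or key plus unique nonce) per message.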
