Stream Ciphers

Introduction To Symmetric Ciphers

 A symmetric cipher is a 5-tuple (E,D,M,K,C),where
M — a set of plaintexts;
K — a set of keys;
C — a set of ciphertexts;
E — a set of encryption algorithm;
D — a set of decryption algorithm;
 Encryption : C = Ek(M)
 Decryption : M= Dk(C)
 Note : M = Dk(C) = Dk(Ek(M))
Introduction To Symmetric Ciphers
 The above setup is called a symmetric key
system since both parties need access to the
secret key. The cipher designer must play two
roles, that of someone trying to break as well as
create a cipher. The following figure describes
a simple model for enciphering bits:
Plaintext Ciphertext Plaintext
Encryption Decryption
Random bit stream Random bit stream
⊕ ⊕
Introduction To Symmetric Ciphers
 This is particularly efficient since we can use the
simplest operation available on a computer, namely
exclusive-or ⊕ . The key is different for every message
and the key is as long as the message, then such a
system can be shown to be perfectly secure, namely
we have the one-time pad. However, the one-time pad
is not practical in many situations.
1. We would like to use a short key to encrypt a long
message.
2. We would like to reuse keys.
Introduction To Symmetric Ciphers
 Keep in mind of the Kerckhoffs’ principle
1. both the encryption and decryption functions are
public
2. the secrecy of the message, given the ciphertext,
depends totally on the secrecy of the secret key k.
 The key space needs to be large enough to avoid brute
force.
 The main ways to attack bulk cipher:
1. Passive attack
2. Active attack
Stream Cipher Basics
Plaintext
110010101
Ciphertext
⊕ 011011011
Keystream
Keystream generator
101001110

Secret Key

A simple model of stream cipher, thus we have

ci = m i ⊕ k i
Stream Cipher Basics
 the advantage of steam cipher
1. They allow very fast encryption of large amounts
of data
2. No error propagation
 The problems of stream cipher
1. The keys need to change frequently.
2. Keystream generator needs to produce a keystream
with a number of properties.
 Key
Key generator

Keystream
Key generator
...10100101

Plain message Cipher message

… 01101011 ...11001110
Requirements for a good keystream
• Good randomness distribution
• Long period
• High complexity
Linear Feedback Shift Registers
 Feedback shift registers are small circuits
containing a number of memory cells, each of
which holds one bit of information. The
working is explained as follows

SL-1 SL-2 SL-3 … S2 S1 S0

Feedback function
 Example 1 - LFSR
st+3 = st+1+ st
S0 S1 S2
S0 S1 S2
0 0 1
0 1 0
1 0 1

Initial fill determines the sequence of 0 1 1

states 1 1 1
1 1 0
Generates a periodic sequence 1 0 0

…0010111... -----------------
0 0 1
Maximal period 2 -1=7
3
 RC4 Basics

A symmetric key encryption algorithm invented by Ron Rivest

Variable key size, byte-oriented stream cipher
 Normally uses 64 bit and 128 bit key sizes.
Used in
 SSL/TLS (Secure socket, transport layer security) between
web browsers and servers,
 IEEE 802.11 wireless LAN std: WEP (Wired Equivalent
Privacy), WPA (WiFi Protocol Access) protocol
RC4 Block Diagram
Secret Key

RC4

Keystream

Encrypted
Plain Text + Text

Cryptographically very strong and easy to implement

RC4 …Inside
Consists of 2 parts:
 Key Scheduling Algorithm (KSA)
 Pseudo-Random Generation Algorithm
(PRGA)
KSA KSA

 Generate State array PRGA

PRGA on the KSA
 Generate keystream
 XOR keystream with the data to
generated encrypted stream
The KSA
Use the secret key to initialize and permutation of state vector S,
done in two steps
Use 8-bit index pointers i and j
1 2
j = 0;
for i = 0 to 255 do for i = 0 to 255 do
S[i] = i; j = (j+S[i]+T[i])(mod 256)
T[i] = K[i mod(|K|)]); swap (S[i], S[j])

[S], S is set equal to the values from 0 to 255

S[0]=0, S[1]=1,…, S[255]=255
[T], A temporary vector
[K], Array of bytes of secret key
|K| = Keylen, Length of (K)
• Use T to produce initial permutation of S
• The only operation on S is a swap;
S still contains number from 0 to 255

After KSA, the input key and the temporary vector T will be no longer used
The PRGA
Generate key stream k , one by one
XOR S[k] with next byte of message to encrypt/decrypt

ii == jj == 0;0;
While
While (more_byte_to_encrypt)
(more_byte_to_encrypt)
ii == (i(i ++ 1)
1) (mod
(mod 256);
256);
jj == (j(j ++ S[i])
S[i]) (mod
(mod 256);
256);
swap(S[i],
swap(S[i], S[j]);
S[j]);
kk == (S[i]
(S[i] ++ S[j])
S[j]) (mod
(mod 256);
256);
CCii == MMii XOR
XOR S[k];
S[k];

Sum of shuffled pair selects "stream key" value

from permutation
 RC4 Lookup Stage
The output byte is selected by looking up the values of S[i] and S[j],
adding them together modulo 256, and then looking up the sum in S
 S [S[i] + S[j]] is used as a byte of the key stream, K

ii == jj == 0;0;
While (more_byte_to_encrypt)
While (more_byte_to_encrypt)
ii == (i(i ++ 1)
1) (mod
(mod 256);
256);
jj == (j(j ++ S[i])
S[i]) (mod
(mod 256);
256);
swap(S[i], S[j]);
swap(S[i], S[j]);
kk == (S[i]
(S[i] ++ S[j])
S[j]) (mod
(mod 256);
256);
CCii == MMii XOR
XOR S[k];
S[k];
Detailed Diagram
Overall Operation of RC4