Lecture – 10

Introduction of Cryptography
(Encryption Basics & Classical Ciphers)

Course Instructor: Hina Alam

([email protected])
Complete

Hill
Playfair
cipher
 Modern Stream Ciphers

RC4
(Rivest Cipher 4)
 Stream ciphers

► RC4 is a stream cipher designed by Ron Rivest in 1987.

⮚ Variable key size , Byte-oriented stream cipher
⮚ It's known for its simplicity and speed.
⮚ 8 to 16 operations are required per output byte
⮚ Extremely simple and easy to explain, very fast

► Stream Cipher: Encrypts one byte at a time, unlike block ciphers

which work on fixed-size blocks of data.
► Common Uses: Historically used in protocols like SSL/TLS, WEP
(Wired Equivalent Privacy), and WPA (Wi-Fi Protected Access).
⮚ Widely used in web and wireless
How RC4 Works
1- Key Scheduling Algorithm (KSA):
KSA is used to transform the key into a well-
mixed and secure initial state of the key.

▪ The KSA is responsible for setting up an initial state array called S.

(This array is filled with numbers from 0 to 255)

▪ Using a variable-length key (typically between 40 and 256 bits),

KSA mixes up the values in S.
▪ It starts by initializing S with a simple sequence of numbers (0, 1,
2, ..., 255).
▪ Then, using the key, KSA shuffles this sequence to make it more
random.
▪ This shuffling ensures that the cipher will behave unpredictably for
Key Scheduling Algorithm (KSA)

▪ Initialization:

Create an array S with values from 0 to 255 (S-box).

▪ Key Mixing:
Using the key, mix the values in S by swapping
elements, creating a pseudo-random permutation of 0–
255.
 How RC4 Works
2- Pseudo-Random Generation Algorithm (PRGA):
Uses the state array to generate a stream of pseudo-
random bytes (key stream) which are XORed with
plaintext bytes for encryption.

PRGA uses the shuffled array to generate

a continuous stream of random-like bytes
for encryption.
Pseudo-Random Generation
Algorithm (PRGA)

▪ Index Generation:
Two pointers, i and j, are used to generate the pseudo-
random stream.

▪ Swapping:
Values in the S array are continually swapped.

▪ Key Stream:
Output bytes are selected by using the S[i] + S[j] values
as indices in the array.
⦿ A variable-length key of from 1 to 256 bytes is used to
initialize a 256-byte state array S, with elements S[0], S[1],
……, S[255].

⦿ For encryption and decryption, a byte k is generated from S

by selecting one of the 255 entries in a systematic way.

⦿ As each value of key is generated, the entries in S are once

again permuted
RC4
🡪 ( 3 Steps )

Ste
p Initialisation of S
1

⦿ The entries of S are set equal to the values from 0 to 255

in ascending order. i.e.
S[ 0 ] = 0
S[ 1 ] = 1
…… Concept

……
……
S[ 255 ] = 255
Ste Initialisation of S Code
p
//********************************************************
1 S[ 0 ] = 0
S[ 1 ] = 1
for i = 0 to 255 do ……
……
S[ i ] = i ……
//********************************************************
S[ 255 ] = 255
 RC4

key k
Given a of length m
bytes
Ste
p
Initial Permutation of S
2 // This involves starting with S[0] and going through S[255], and for each
S[i], swapping S[i] with another byte in S as obtained by some mechanism

m = Size of key
j=0 >0
256 = Size of state
for i = 0 to 255 do array S

j = ( j + S[ i ] + k[ i mod m ] ) mod 256

swap ( S[ i ], S[ j ] )
Result of mod 256 = 0 to
255
i mod m =
0 to m-1
 RC4

Ste
p RC4 Encryption
3 ⦿ Encryption continues shuffling array values
⦿ Sum of shuffled pair selects "stream key" value t
⦿ XOR with next byte of message to en/decrypt
i=j=0
for each message byte Mb
A i = ( i + 1 ) mod 256 Increment in i

Calculation of j
B
j = ( j + S[ i ] ) mod 256
C Final Permutation of S
swap( S[ i ] , S[ j ] )
D t = ( S[ i ] + S[ j ] ) mod 256 Calculation of t

E Ci = Mb XOR S[ t ] XOR Operation

Given a key k of length 2 k[0] k[1]
bytes 10001001 01010001

S[0] S[1] S[2] S[3]

Initialisation of S 00000000 00000001 00000010 00000011
//*****************************
for i = 0 to 3 do Loop executes according to the size of state
S[ i ] = i array S

Initial permutation of S
m = 2 = Size of Key
j=0
for i = 0 to 3 do
j = ( j + S[ i ] + k[ i mod 2 ] ) mod
4 swap ( S[ i ], S[ j ] )
4 = Size of state array S
 RC4 Example
Initial permutation of S
j=0 10001001 = 137 in
for i = 0 to 3 do Decimal
j = ( j + S[ i ] + k[ i mod 2] ) mod
4 k[0] 10001001 01010001 k[1]
swap ( S[ i ], S[ j ] )
S[0] S[1] S[2] S[3]
00000000 00000001 00000010 00000011

i=0 j = (0 + S[0] + k[0]) mod

4
= (0 +0+137) mod 4=
1 swap ( S[0], S[1] )
S[2] S[3]
S[0]
00000001 S[1]
00000000 00000010 00000011
 RC4 Example
Initial permutation of S
j=0 01010001 = 81 in
for i = 0 to 3 do Decimal
j = (j + S[i] + k[i mod 2]) mod 4
k[0] 10001001 01010001 k[1]
swap (S[i], S[j])
S[0] S[1] S[2] S[3]
00000001 00000000 00000010 00000011

i=1 j = (1 + S[1] + k[1]) mod 4

= (1 + 0 + 81) mod 4=
2 swap (S[1], S[2])
S[0] S[1] S[2] S[3]
00000001 00000010 00000000 00000011
 RC4 Example
Initial permutation of S
j=0
for i = 0 to 3 do
j = (j + S[i] + k[i mod 2]) mod 4
k[0] 10001001 01010001 k[1]
swap (S[i], S[j])
S[0] S[1] S[2] S[3]
00000001 00000010 00000000 00000011

i=2 j = (2 + S[2] + k[0]) mod 4

= (2 +0+137)%4=
3 swap (S[2], S[3])
S[0] S[1] S[2] S[3]
00000001 00000010 00000011 00000000
 RC4 Example
Initial permutation of S
j=0
for i = 0 to 3 do
j = (j + S[i] + k[i mod 2]) mod 4
k[0] 10001001 01010001 k[1]
swap (S[i], S[j])
S[0] S[1] S[2] S[3]
00000001 00000010 00000011 00000000

i=3 j = (3 + S[3] + k[1]) mod 4

= (3 +0+81)%4=
0 swap (S[3], S[0])
S[0] S[1] S[2] S[3]
00000000 00000010 00000011 00000001
 RC4 Example
S[0] S[1] S[2] S[3]
00000000 00000001 00000010 00000011

Initial Permutation
of S

S[0] S[1] S[2] S[3]

00000000 00000010 00000011 00000001

Note: Not complete, Encryption Step still remaining.

1 Initialisation of S S[0] = 0 , S[1] = 1 , ……, S[255] = 255

for i = 0 to 255 do
S[i]=i
Given a key k of length m bytes
2 Initial permutation of S
j=0
for i = 0 to 255 do
j = ( j + S[ i ] + k[ i mod m ] ) mod 256
swap ( S[ i ], S[ j ] )

3 RC4 Encryption
i=j=0
for each message byte Mi
i = ( i + 1 ) mod 256 , j = ( j + S[ i ] ) mod 256
Final permutation
swap( S[ i ], S[ j ] )
of S

t = ( S[ i ] + S[ j ] ) mod 256
 k[0] k[1]
Given a key k of length 2
bytes 10001001 01010001

Initialisation of S
for i = 0 to 3 do S[0] S[1] S[2] S[3]
1
00000000 00000001 00000010 00000011
S[i] = i

2 Initial permutation of S Plaintext:

j=0 10100010
for i = 0 to 3 do
j = ( j + S[ i ] + k [ i mod 2 ] ) mod
4 swap ( S[ i ], S[ j ] )
i=0 j = ( 0 + S[0] + k[0] ) mod 4
= ( 0 +0+137 ) % 4 = 1
swap ( S[0], S[1] )
S[3]
S[0] S[1] S[2]
00000001 00000000 00000010 00000011
2
Initial permutation of S
j=0
k[0] 10001001 01010001 k[1]
for i = 0 to 3 do
j = ( j + S[i] + k[i mod 2] ) mod
4 swap ( S[i], S[j] )

S[0] S[1] S[2] S[3]

00000001 00000000 00000010 00000011

i=1 j = ( 1 + S[1] + k[1] ) mod 4

= ( 1 +0+81 ) % 4 = 2
swap ( S[1], S[2] )

S[0] S[1] S[2] S[3]

00000001 00000010 00000000 00000011
2
k[0] 10001001 01010001 k[1]
Initial permutation of S
j=0
for i = 0 to 3 do
j = (j + S[i] + k[i mod 2]) mod 4
swap (S[i], S[j])
S[0] S[1] S[2] S[3]
00000001 00000010 00000000 00000011

i=2 j = (2 + S[2] + k[0]) mod

4
= (2 +0+137)%4=
3 swap (S[2], S[3])
S[0] S[1] S[2] S[3]
00000001 00000010 00000011 00000000
2
Initial permutation of S
k[0] 10001001 01010001 k[1]
j=0
for i = 0 to 3 do

j = (j + S[i] + k[i mod 2]) mod 4

swap (S[i], S[j]) S[0] S[1] S[2] S[3]
00000001 00000010 00000011 00000000

i=3 j = (3 + S[3] + k[1]) mod

4
= (3 +0+81)%4=
0 swap (S[3], S[0])

S[0] S[1] S[2] S[3]

00000000 00000010 00000011 00000001
 S[0] S[1] S[2] S[3]
00000000 00000001 00000010 00000011

2 Initial Permutation of S

S[0] S[1] S[2] S[3]

00000000 00000010 00000011 00000001
 k[0] k[1] S[0] S[1] S[2] S[3]
10001001 01010001 00000000 00000010 00000011 00000001

RC4 Encryption: i=j=0 Plaintext:

for each message byte M 10100010
11001010
i = (i + 1) mod 4 , j = (j + S[i]) mod
4 swap (S[i], S[j])
t = (S[i] + S[j]) mod 4
C = M XOR S[t]
RC4 Encryption: Plaintext:
i=j=0 1st Byte 10100010

i = ( i + 1 ) mod 4 = ( 0 + 1 ) mod 4 = 1
j = ( j + S [ i ] ) mod 4 = ( 0 + S [ 1 ] ) mod 4 = ( 0 + 2 ) mod
4 = 2 swap ( S[ i ], S[ j ] ) = swap ( S[1], S[2] )
S[0] S[1] S[2] S[3]
00000000 00000011 00000010 00000001

t = ( S[ i ] + S[ j ] ) mod 4 = ( S[1] + S[2] ) mod 4 = ( 3 + 2 ) mod 4 = 1

C = M XOR S[ t ] = 10100010 XOR S[ 1 ] = 10100010 XOR 00000011
= 10100001
 k[0] k[1] S[0] S[1] S[2] S[3]
10001001 01010001 00000000 00000011 00000010 00000001

RC4 Encryption: Plaintext:

i=j=0 10100010
11001010
for each message byte M
i = (i + 1) mod 4 , j = (j + S[i]) mod 4 swap (S[i], S[j])
t = (S[i] + S[j]) mod 4
C = M XOR S[t]
Plaintext:
RC4 Encryption: See Previous 2nd Byte 11001010
Slide
i = 1, j = 2 S[0] S[1] S[2] S[3]
00000010 00000011 00000000 00000001
i = ( i + 1 ) mod 4 = ( 1 + 1 ) mod 4 = 2
j = ( j + S [ i ] ) mod 4 = ( 2 + S [ 2 ] ) mod 4 = ( 2 + 2 ) mod 4 = 0
swap ( S[ i ], S[ j ] ) = swap ( S[2], S[0] )

t = ( S[ i ] + S[ j ] ) mod 4 = ( S[2] + S[0] ) mod 4 = ( 0 + 2 ) mod 4 = 2

C = M XOR S[ t ] = 11001010 XOR S[ 2 ] = 11001010 XOR 00000000
= 11001010
Calculate the Ciphertext for the following plaintext. Show the work step by
step.

Given a key k of length m (2) k[0] 10001001 k[1] 01010001

bytes
Initialisation of S: for i = 0 to 1 do
S[i] = i S[0] 00000000 S[1] 00000001

Initial permutation of S: j=0

for i = 0 to 1 do
j = (j + S[i] + k[i mod m]) mod 2
swap (S[i], S[j])
RC4 Encryption: i=j=0
for each message byte Mi Plaintext:

i = (i + 1) mod 2 10010001
11100101
j = (j + S[i]) mod 2
swap(S[i], S[j])
t = (S[i] + S[j]) mod 2
Ci = Mi XOR S[t]
RC4 Encryption Example

▪ Plaintext: "HELLO" (ASCII values: 72, 69, 76, 76, 79)

▪ Key: "KEY" (ASCII values: 75, 69, 89)

RC4 Decryption
Plain text U S
Example
ASCII 85 83
Binary 0101 0101
▪ Plaintext: US
0101 0011
▪ Key: prime numbers are
recommended but this is just for
example to understand what
Key 24 15
happened if numbers are not prime.
K[i] K[0] K[1]
▪ State array size: 4 Binary 0101 0101
0101 0011

S[i] S[0] S[1] S[2] S[3]

Contents 0 1 2 3
of S
0000 0000 0000 0000
0000 0001 0010 0011
Initial state array for randomize key
Class Activity
▪ Calculate the Ciphertext for the following plaintext. Show the
work step by step.
▪ Given a key k of length m (2) byte
Class Activity
Vulnerabilities of RC4
• Bias in Output: The first few bytes of the key stream
have known biases, making RC4 susceptible to
cryptanalysis.

• WEP Protocol Vulnerability: RC4 was used in the

WEP protocol, but due to improper implementation, it
was easily broken.

• TLS Concerns: RC4 has been deprecated in modern

versions of TLS due to biases and potential
vulnerabilities.
RC4 in Real-World Applications

• Historical Usage: RC4 was widely used in SSL/TLS and WPA due
to its simplicity and speed.

• Deprecated: Today, RC4 is no longer recommended due to security

vulnerabilities.

• Modern Alternatives: AES (Advanced Encryption Standard) and

ChaCha20 are preferred in modern encryption systems.