ECE 575 Data Security and Cryptography
Shyh-Sen Huang
Overview:
RC4 is the most widely used stream cipher in these days, especial for the software applications. This is because the structure of RC4 is very simple and can be implement in software efficiently. Although RC4 has a huge internal state which includes a permutation of {0, 1, …., N-1}, it has the light-weight key scheduling and the output generation processes. It was seemed as a safe cryptography algorithm until 1994. In September, 1994, the algorithm was posted by someone on the Internet and is available for public analysis now.
RC4 Stream Cipher:
There are so many stream ciphers in these days, and most of them are implemented by using linear feedback shift registers. These stream ciphers are easy to implement in hardware. However, maybe not in the software. In 1987, Ron Rivest developed the RC4 stream cipher. It is suitable for software applications, and is used widely nowadays. For example, RC4 is used in SSL ( Secure Sockets Layer) protocol. It is also be used in WEP (Wired Equivalent Privacy) and many network applications.
There are mainly two steps in RC4 implementation. One is the key-scheduling algorithm (KSA) and the other is the pseudo-random generation part (PRGA). KSA turns a random key into an initial permutation S, and PRGA uses the permutation to generate the pseudo-random output sequence. It loops the following four operations:
(1) Increase i as a counter.
(2) Increase j pseudo-randomly.
(3) Exchange the values of S which are pointed to i and j.
(4) Generate the S pointed to S[ i ]+S[ j ].
KSA initializes S to the identity permutation. It has a round operation N times, just like PRGA. Finally, it updates the j by adding S [ i ] and the next word of the key.
RC4 Analysis:
Pros:
Easy to compute, so it can be used in fast applications.
It is not hard to implement in software application.
There are enough information about RC4 that is public.
Cons:
With a huge internal state. ( require a large data structure)
It is vulnerable to brute-force attack.
Instructions for running the RC4 program:
Download the Source Code (RC4.c)
Complier the file (ex: in Unix, use the command " gcc RC4.c" )
After you complier the source code, you can get the executable file-- RC4.exe ( you can also download from Here) or a.out (in Unix)
Run the executable file (ex: in Unix, use " ./a.out " )
It will show RC4 Key Input_File Out_File on your screen. The Input_File is the file that you want to "encrypt" or "decrypt".
Benchmark on Several Computer Platforms:
I executed the program in several computer platforms, and test the performance. The following table is the average time when encrypting a 42 mega-bytes file.
|
Test Platform |
Time ( secs) |
| IBM X31 Laptop (WinXP) | 8.825 |
| HP Workstation x2100 (WinXP) | 4.915 |
| HP Workstation x2100 (Red Hat 8) | 5.340 |
| HP Workstation x2100 (Knoppix 3.0)* | 3.865 |
| Sun Ultra10 (Sun OS 5.8) | 33.615 |
Appendix:
We can note that the fastest platform is HP Workstation X2100( Knoppix 3.0). I think this is because the Knoppix use the ram-disk to store applications and data. Therefore, there will be little time to access the hard disk.
References:
[1]. A Related-Key Cryptanalysis of RC4, Alexander L. Grosul and Dan S. Wallach
[2]. Weaknesses in the Key Scheduling Algorithm
of RC4, Scott Fluhrer, Itsik Mantin, and Adi Shamir
[3]. http://www.acm.uiuc.edu/sigmil/newsite/talks/crypto/ch07.html#id2831384
[4] Implementation of RC4 and MD5, Siddharth Anand, Harshman Singh