INFORMATION SECURITY

SENS-4533

Week 5
Stream Cipher – RC4

Dr Nauman Mazhar
University of Central Punjab
Outline
 Product cipher
 Concept of confusion / diffusion
 Stream vs Block ciphers
 Stream cipher - RC4
◦ Key Scheduling Algorithm
◦ Pseudo-random Generation Algorithm
◦ Encryption / Decryption

 Revision
◦ number system conversions

2
Product Ciphers
 Cipher using only substitutions / transpositions not secure
◦ language characteristics

 Using several ciphers in succession, can make them stronger

◦ two substitutions → give more complex substitution
◦ two transpositions → give more complex transposition

“but substitution followed by transposition makes

a new much stronger cipher”
 Product cipher
◦ forms the bridge from Classical to Modern ciphers

3
Confusion & Diffusion
 Claude Shannon proposed use of substitution-permutation
(S-P) networks in 1949

 Combine substitution & permutation elements to obtain…

◦ Confusion
◦ Diffusion

4
Confusion & Diffusion
Confusion
 Encryption algo should transform information from plaintext such
that message is not readily recognizable
“Complex functional relationship should exist between
plaintext / key pair & ciphertext”

◦ Caesar cipher does not provide much confusion

 transformation is simple
 if few letters found, remaining predicted easily

◦ OTP provides good confusion

 plaintext letter could be transformed to any ciphertext letter

5
Confusion & Diffusion
Diffusion
“Cipher should spread information from plaintext
over the entire ciphertext”

◦ a change in plaintext should affect many parts of ciphertext

◦ good diffusion implies that…

 large amount of ciphertext would be required to break the
cipher – cryptanalysis

6
Symmetric Ciphers

7
Symmetric Ciphers
 Symmetric ciphers are one of the most widely used crypto
algorithms
“same key used for both encryption & decryption”

 Symmetric ciphers categorized as:

◦ Stream cipher
◦ Block cipher

8
Stream Ciphers
 Stream ciphers
◦ Encrypt digital data stream, one plaintext symbol at a time

◦ Encryption done by XOR of plaintext symbol with key

 require key stream ki as long as plaintext bit stream pi
 if key stream is random, cipher is unbreakable

◦ Requires same key stream at both ends

 provided in advance, or
 generated with an algo at runtime

9
Stream Ciphers

 bit stream generator is key controlled

 users share the key
 generate same key stream at sender & receiver

10
Block Ciphers
 Block ciphers
◦ Encrypt multiple plaintext symbols at a time
 typical block sizes of
64 or 128 bits

◦ Blocks of plaintext encrypted as a whole

 produce ciphertext blocks of
equal length

◦ Successive blocks usually handled

independently
 memoryless

11
Block Ciphers
• Input bit stream divided into n-bit blocks to encrypt

12
Stream vs Block Ciphers
Speed of Transformation

 Stream cipher
◦ each plaintext symbol encrypted as soon as read
(without regard for other symbols)
◦ high speed – encryption time/speed depends only on algo
(not on time to receive more plaintext)

 Block cipher
◦ encryption process is slower
◦ encryption must wait until an entire block of plaintext symbols
is received – low speed

13
Stream vs Block Ciphers
Diffusion

 Stream cipher
◦ each plaintext symbol is enciphered separately
◦ low diffusion – ciphertext symbol contains info from only one
plaintext symbol

 Block cipher
◦ several plaintext symbols enciphered together
◦ high diffusion – info from several plaintext symbols diffused into
several ciphertext symbols

14
Stream Cipher - RC4

15
RC4 Basics
 Stream Cipher – invented by Ron Rivest, in 1987
◦ Symmetric keys of variable length
key sizes → between 40 & 2048 bits
◦ encrypts one byte of data at a time
◦ simplicity & speed in software

 Used earlier in SSL/TLS & WEP (IEEE 802.11 wireless N/W)

 Encryption algo comprises 2 parts:

◦ Key Scheduling Algorithm (KSA)
◦ Pseudo-Random Generation Algorithm (PRGA)

16
RC4 Block Diagram

Secret Key

Key Scheduling Algo

RC4 Algorithm Pseudo-Random Generation
Algo

Keystream

Plaintext Ciphertext
+

17
RC4 …break up

 Initialize an array S[ ] of 256 bytes

 Initialize a temporary array T[ ] from Key
 Run KSA on these arrays to scramble S[ ]
 Run PRGA (on output of KSA) to generate keystream
 XOR data with keystream

18
Array Initialization
 Initialize an array of 256 characters, S[ ] as:
char S [256];
for ( i = 0; i < 256; i++ )
S[i] = i;

After this, array S[ ] would like:

S[ ] = { 0, 1, 2, 3, ……, 254, 255}

 Initialize a temporary array T[ ] from secret key K[ ]:

for ( i = 0; i < 256; i++ )
T[i] = K [ i mod keylen ];

19
The KSA
 Initialized arrays S[ ] & T[ ] are then run through KSA
 KSA uses secret key to scramble elements of array S[ ]

int j = 0;
int i;
for ( i = 0; i < 256; i++ )
{
j = ( j + S [i] + T [i] ) % 256;
swap ( S [i], S [j] );
}

20
The PRGA
 KSA scrambled S [256] array is subjected to PRGA
 This generates the actual keystream

i = j = t = 0;
while ( plaintext_bytes )
{
i = ( i + 1) % 256;
j = ( j + S[i] ) % 256;
swap ( S[i], S[j] );
t = ( S[i] + S[j] ) % 256;
keystream = S [ t ];
}
21
Encryption using RC4

RC4 File Encryptor

 Choose a secret key K
 Use secret key to generate RC4 keystream (KSA & PRGA)
 Read the plaintext bytes in file
 XOR each plaintext byte with corresponding keystream byte
 Write encrypted bytes to a file
 Transmit file over the insecure channel

22
Decryption using RC4
RC4 File Decryptor
 Use same secret key K, as used in encryption phase
 Generate keystream by running KSA & PRGA
 XOR every encrypted byte with corresponding byte of
keystream
 This yields the original plaintext bytes

Logic is simple :
(A xor B) xor B = A

A = Plain Text or Data

B = KeyStream

23
Example : Simplified RC4
 Consider an S[ ] array of 8 bytes, which after initializing is :
S[ ] = [ 0, 1, 2, 3, ……, 7 ]

 If key is K = [ 3 1 4 1 5 ], the T[ ] array becomes :

T[ ] = [ 3, 1, 4, 1, 5, 3, 1, 4 ]

 KSA for Simplified RC4 is:

int i = j = 0;
for ( i = 0; i < 8; i++ )
{
j = ( j + S [i] + T [i] ) % 8;
swap ( S [i], S [j] );
}
24
Example : Simplified RC4
 The PRGA for Simplified RC4 generates the keystream as:
i = j = t = 0;
while ( plaintext_bytes )
{
i = ( i + 1) % 8;
j = ( j + S[i] ) % 8;
swap ( S[i], S[j] );
t = ( S[i] + S[j] ) % 8;
keystream = S [ t ];
}
 If plaintext is P = [6, 1, 5, 4], find the keystream and verify that
Ciphertext comes out to be C = [7, 1, 5, 6]
25
RC4 demo video
 Following video shows and explains the RC4 encryption algo
with example:

https://www.youtube.com/watch?v=1UP56W
M4ook&ab_channel=CryptographyHome

26
Number Systems

27
Number Systems & Conversions

 Binary Numbers
 Hexadecimal Numbers
 Number system conversions
◦ Decimal to binary
◦ Binary to decimal
◦ Hexadecimal to binary
◦ Binary to Hexadecimal

28
Number Systems
• Commonly used number systems in computer work:

Name Base Basic Digits

Decimal 10 0,1,2,3,4,5,6,7,8,9

Binary 2 0,1

Hexadecimal 16 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F

29
Decimal  Binary
 Convert decimal 41 to binary:

(41)10 = (101001)2

Remainder
41 / 2 = 20 R 1 1 Least
significant
20 / 2 = 10 R 0 0
digit
10 / 2 = 5 R 0 0
5/2 = 2 R 1 1
Most
2/2 = 1 R 0 0 significant
1/2 = 0 R 1 1 digit

30
Binary  Decimal
 Convert from binary to decimal – (101001)2

1010012 = 1×32 + 0×16 + 1×8 + 0×4 + 0×2 + 1×1

= 32 + 0 + 8 + 0 + 0 + 1
= (41) 10

27 26 25 24 23 22 21 20
128 64 32 16 8 4 2 1

31
Binary  Hex
 Convert (0101001101111011)2 to Hex Bin Hex
0000 0
◦ divide in groups of 4 bits 0001 1
◦ express each group as a Hex digit 0010 2
0011 3
0100 4
0101 0011 0111 1011 0101 5
0110 6
0111 7
1000 8
0101 0011 0111 1011 1001 9
1010 a
1011 b
5 3 7 B 1100 c
1101 d
0101 0011 0111 1011 = 0x537B 1110 e
1111 f
32
Hex  Binary
 Convert 0x2AC to binary Bin Hex
0000 0
◦ write each hex digit as 4 bit binary 0001 1
number 0010 2
0011 3
0100 4

0x2AC 0101 5
0110 6
0111 7
1000 8

0010 1010 1100 1001 9

1010 a
1011 b
0x2AC = 0010 1010 1100 1100 c
1101 d
1110 e
1111 f
33
Numbers in Different Bases

34
ASCII for Alphabets

35