Input:
    1. Key-dependent variable s.
    2. Key-dependent scrambled array Y[−3...256].
Output: Pseudo-random keystream words z.

Swap and Rotate P:
    Swap(P[0], P[Y[185] & 0xFF]);
    Rotate(P);
Update s:
    s += Y[P[72]] − Y[P[239]];
    s = ROTL32(s, ((P[116] + 18) & 31));
Output 8 bytes (from LSB to MSB order):
    Output (ROTL32(s, 25) ⊕ Y[256]) + Y[P[26]];
    Output (s ⊕ Y[−1]) + Y[P[208]];
Update and Rotate Y:
    Y[−3] = (ROTL32(s, 14) ⊕ Y[−3]) + Y[P[153]];
    Rotate(Y);

Algorithm 9.2.5: Py PRGA (Single step)

9.3 RC4-Based Hash
In [28], a hash function based on RC4 was proposed. This hash function, named RC4-Hash, produces a variable-length output from 16 bytes to 64 bytes.
RC4-Hash is parameterized by l and works as a function
$$\mathrm{RCH}_l : \{0,1\}^{<2^{64}} \to \{0,1\}^{8l}.$$
The message M (with length at most $2^{64}-1$) is padded as follows:
$$\mathrm{pad}(M) = \mathrm{bin}_8(l)\,\|\,M\,\|\,1\,\|\,0^k\,\|\,\mathrm{bin}_{64}(|M|),$$
where k ≥ 0 is the least integer such that
$$8 + |M| + 1 + k + 64 = 0 \bmod 512.$$
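The padding rule above, worked through in Python as an added example (not code from the book or from [28]). It assumes a byte-aligned message and that bin_8 and bin_64 are written most significant byte first; the function names are hypothetical.

```python
import struct

BLOCK_BITS = 512  # block size implied by the "mod 512" condition

def pad_k(msg_bits: int) -> int:
    """Least k >= 0 with 8 + |M| + 1 + k + 64 = 0 mod 512."""
    if not 0 <= msg_bits < 1 << 64:
        raise ValueError("|M| must be below 2^64 bits")
    return -(8 + msg_bits + 1 + 64) % BLOCK_BITS

def rc4hash_pad(msg: bytes, l: int) -> bytes:
    """pad(M) = bin_8(l) || M || 1 || 0^k || bin_64(|M|), byte-aligned M."""
    if not 16 <= l <= 64:
        raise ValueError("l is the output length in bytes, 16..64")
    msg_bits = 8 * len(msg)
    k = pad_k(msg_bits)
    # For byte-aligned M, k % 8 == 7, so "1 0^k" is 0x80 plus k // 8 zero bytes.
    marker = b"\x80" + b"\x00" * (k // 8)
    # Assumption: bin_64(|M|) is encoded most significant byte first.
    return bytes([l]) + msg + marker + struct.pack(">Q", msg_bits)

def split_blocks(padded: bytes) -> list:
    """Cut pad(M) into 512-bit (64-byte) blocks."""
    step = BLOCK_BITS // 8
    return [padded[i:i + step] for i in range(0, len(padded), step)]

def rc4hash_unpad(padded: bytes):
    """Parse pad(M) back into (l, M); reject anything malformed."""
    if len(padded) == 0 or len(padded) % (BLOCK_BITS // 8):
        raise ValueError("length is not a positive multiple of 512 bits")
    l = padded[0]
    (msg_bits,) = struct.unpack(">Q", padded[-8:])
    msg = padded[1:1 + msg_bits // 8]
    # Re-padding must reproduce the input exactly: this checks l, the
    # 1-bit marker, the zero run and the encoded length in one step.
    if rc4hash_pad(msg, l) != padded:
        raise ValueError("padding does not match the encoded length")
    return l, msg

if __name__ == "__main__":
    # Constructed inputs around the one-block / two-block boundary.
    for n in (0, 54, 55):
        p = rc4hash_pad(b"A" * n, 32)
        print(n, "bytes -> k =", pad_k(8 * n), "blocks =", len(split_blocks(p)))
```

A 54-byte message is the longest that still fits in one block; one more byte forces k up to 511 and adds a second block.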
One may write $\mathrm{pad}(M) = M_1 \,\|\, \cdots \,\|\, M_t$, where each $M_i$ is of size 512 bits. $S^{IV}$ is a permutation of $\mathbb{Z}_{256}$ and for $i \in [0,255]$, $r(i)$ gives a number in $[0,63]$. $S^{IV}$ and $r(i)$'s are specified in [28,