Cryptography Reference
In-Depth Information
N = 256. S is initialized as the identity permutation, i.e.,
S[i] = i for 0 ≤ i ≤N −1.
A secret key κ of size l bytes (typically, 5 ≤ l ≤ 16) is used to scramble this
permutation. An array
K = (K[0],...,K[N −1])
is used to hold the secret key, where each entry is again an n-bit integer. The
key is repeated in the array K at key length boundaries. For example, if
the key size is 40 bits, then K[0],...,K[4] are filled by the key and then this
pattern is repeated to fill up the entire array K. Formally, we can write
K[y] = κ[y mod l],
for 0 ≤y ≤ N −1.
The RC4 cipher has two components, namely, the Key Scheduling Algo-
rithm (KSA) and the Pseudo-Random Generation Algorithm (PRGA). The
KSA uses the key K to shu e the elements of S and the PRGA uses this
scrambled permutation to generate pseudo-random keystream bytes.
Two indices, i and j, are used in RC4. i is a deterministic index that is
incremented by 1 (modulo N) in each step and j serves as a pseudo-random
index that is updated depending on the secret key K and the state S.
The KSA initializes both i and j to 0, and S to be the identity permutation.
It then steps i across S looping N times, and updates j by adding the i-th
entries of S and K. Each iteration ends with a swap of the two bytes in S
pointed by the current values of i and j.
Input: Secret key array K[0...N −1].
Output: Scrambled permutation array S[0...N −1].
Initialization:
for i = 0,...,N −1 do
S[i] = i;
j = 0;
end
Scrambling:
for i = 0,...,N −1 do
j = (j + S[i] + K[i]);
Swap(S[i],S[j]);
end
Algorithm 2.4.1: RC4 KSA
The PRGA also initializes both i and j to 0. It then loops over four
operations in sequence: it increments i as a counter, updates j by adding
S[i], swaps the two entries of S pointed by the current values of i and j, and
Search WWH ::




Custom Search