Requesting feedback on patched RC4-variant
Matthijs van Duin
matthijs at cds.nl
Fri Apr 20 12:26:15 EDT 2001
I needed a high-speed stream cipher in REALbasic, which has
exceptionally poor support for the kind of operations needed (no
unsigned 32-bit integers, no bit shifts).
I already made an RC4 implementation a while ago, but the algorithm
has some problems, outlined in the recent crack of the encryption of
wireless networking. (IEEE something)
[Those have to do with stream ciphers in general and exploited no
specific features of RC4. --Perry]
To avoid this, I basically patched RC4 in two ways:
1. add cipher block chaining
2. make the state permutations depend on the data, to make long-term
   changes to the pseudorandom data stream RC4 generates.
I hope this will make my application immune to the attack done on
wireless networking (which would be vulnerable with RC4 since I also
use CRC for integrity checking).
I'm however not (yet ;) an expert on cryptography, so I'm not
entirely sure whether I didn't mutilate the algorithm in such a way
that I introduced major new weaknesses. I'd therefore greatly
appreciate some feedback on this.
I already did some statistical tests, and it turned out that when a
single bit of an input byte is altered, 50% of the bits of the
corresponding output byte and all following bytes get toggled, so
that's a good sign already.
All integers are unsigned 8-bit. In my code, I use a combination of
xor and addition intentionally, because the interactions between
carryless and carrying operations cause interesting effects, I think.
Original RC4: (in pseudo-C, for one byte)

    x++;
    y = y + s[x];
    swap(s[x], s[y]);
    data = data ^ s[s[x] + s[y]];
My encryption code: (in pseudo-C, for one byte)

    x++;
    y = y + s[x];
    swap(s[x], s[y]);
    v = data + c;               // cipher block chaining
    c = v ^ s[s[x] + s[y]];
    data = s[c];                // I had a reason for this post-wash.. I can't remember
    y = y ^ v;                  // make s-box permutation depend on data
My decryption code: (in pseudo-C, for one byte)

    x++;
    y = y + s[x];
    swap(i[s[x]], i[s[y]]);     // i = inverse of s
    swap(s[x], s[y]);
    e = i[data];
    v = e ^ s[s[x] + s[y]];
    data = v - c;
    c = e;
    y = y ^ v;
-xmath
Matthijs van Duin
- PGP Key: 0xB6205CCB <finger://PGPkey_DH@hmvd.cds.nl> -
- FP: D73C 9EE3 5F6B E5D5 8E19 2CBE 4648 8C3E B620 5CCB -
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
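[Editor's note: added example, not the author's REALbasic code.] The variant above in Python, with the encryption and decryption sides next to each other, a round-trip check, and the "flip one plaintext bit, count toggled ciphertext bits" statistic the post reports. Two things are assumptions because the post does not state them: the standard RC4 key schedule (KSA) is used to initialise s, and the chaining byte c starts at 0 on both sides. The encryptor here also keeps the inverse table i in step with s, which the post's encryption code does not need; it is harmless and lets one class serve both directions.

```python
# Added example (not the author's code): the patched RC4 variant from the
# post, in Python. Assumed: standard RC4 KSA for s, chaining byte c0 = 0.


def rc4_ksa(key: bytes) -> list:
    """Standard RC4 key-scheduling algorithm (assumption: the post does not
    say how s is initialised)."""
    if not key:
        raise ValueError("key must not be empty")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


class PatchedRC4:
    """One direction of the variant. Use a fresh instance per message and per
    direction: x, y, s, the inverse i and the chaining byte c all persist
    from byte to byte, exactly as in the post's pseudo-C."""

    def __init__(self, key: bytes, c0: int = 0):
        self.s = rc4_ksa(key)
        self.i = [0] * 256                 # invariant: i[s[k]] == k
        for k, v in enumerate(self.s):
            self.i[v] = k
        self.x = 0
        self.y = 0
        self.c = c0 & 0xFF                 # chaining byte (c0 = 0 assumed)

    def _step(self) -> int:
        """The permutation step shared by both directions. Returns the
        keystream byte s[s[x] + s[y]] taken after the swap, and swaps the two
        inverse entries first so that i stays the exact inverse of s."""
        s, inv = self.s, self.i
        self.x = (self.x + 1) & 0xFF
        self.y = (self.y + s[self.x]) & 0xFF
        a, b = s[self.x], s[self.y]
        inv[a], inv[b] = inv[b], inv[a]    # swap(i[s[x]], i[s[y]])
        s[self.x], s[self.y] = b, a        # swap(s[x], s[y])
        return s[(s[self.x] + s[self.y]) & 0xFF]

    def encrypt(self, plaintext: bytes) -> bytes:
        out = bytearray()
        for d in plaintext:
            k = self._step()
            v = (d + self.c) & 0xFF        # chaining: add previous c
            self.c = v ^ k
            out.append(self.s[self.c])     # the "post-wash" through s
            self.y ^= v                    # permutation now depends on data
        return bytes(out)

    def decrypt(self, ciphertext: bytes) -> bytes:
        out = bytearray()
        for d in ciphertext:
            k = self._step()
            e = self.i[d]                  # undo the post-wash via i
            v = e ^ k
            out.append((v - self.c) & 0xFF)
            self.c = e
            self.y ^= v
        return bytes(out)


def roundtrip(key: bytes, msg: bytes) -> bytes:
    """Encrypt with one instance, decrypt with a separate one."""
    return PatchedRC4(key).decrypt(PatchedRC4(key).encrypt(msg))


def avalanche_fraction(key: bytes, msg: bytes, pos: int, bit: int) -> float:
    """Fraction of ciphertext bits from byte `pos` onward that toggle when
    bit `bit` of plaintext byte `pos` is flipped."""
    flipped = bytearray(msg)
    flipped[pos] ^= 1 << bit
    c1 = PatchedRC4(key).encrypt(msg)
    c2 = PatchedRC4(key).encrypt(bytes(flipped))
    diff = sum(bin(a ^ b).count("1") for a, b in zip(c1[pos:], c2[pos:]))
    return diff / (8 * (len(msg) - pos))


if __name__ == "__main__":
    key = b"example key"                   # constructed sample key
    msg = bytes(range(256)) * 2            # constructed sample plaintext
    assert roundtrip(key, msg) == msg
    print("toggled fraction after a 1-bit change:",
          avalanche_fraction(key, msg, 0, 3))
```

The decrypt side is where the post's extra bookkeeping pays off: because the ciphertext byte is s[c] rather than c, the receiver needs i = s^-1 to recover c, and i must be swapped in lock-step with s on every byte or it silently goes stale. Encrypt and decrypt each use their own instance since both mutate s, y and c.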