**Simple 4-byte example**

S = {0, 1, 2, 3}

K = {1, 7, 1, 7}

Set i = j = 0

S = {0, 1, 2, 3}

K = {1, 7, 1, 7}

Set i = j = 0

**RC4 Example**

**Encryption**

Symmetric

Stream Cipher

Two main parts:

RC4 Description

Almost all weaknesses are in the KSA since attacking the PRGA is fairly infeasible due to the huge effective key.

The fastest known method requires 2700 time.

The KSA can be attacked with several methods mainly because of the simple initialization permutation used.

Invariance Weakness is the most devastating attack.

(5% chance of guessing one or more bytes of the key.)

Weaknesses of RC4

The main factors in RC4's success over such a wide range of applications are its speed and simplicity: efficient implementations in both software and hardware are very easy to develop.

History

History

Discussion of RC4 Algorithm

Analysis of RC4

Weaknesses of RC4

Example

**Overview**

By:

Ahmed L.Yousify

University Of Zakho

Computer Science Department

**RC4 Encryption**

Fluhrer, Mantin, Shamir - Weakness in the Key Scheduling Algorithm of RC4.

http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf

Stubblefield, Loannidis, Rubin – Using the Fluhrer, Mantin, and Shamir Attack to Break WEP.

http://www.cs.rice.edu/~astubble/wep/wep_attack.pdf

Rivest – RSA Security Response to Weakness in the Key Scheduling Algorithm of RC4.

http://www.rsasecurity.com/rsalabs/technotes/wep.html

RC4 Encryption Algorithm.

http://www.ncat.edu/~grogans/algorithm_breakdown.htm

Computer Network laboratory-RC4 Encryption Algorithm.

http://www.scribd.com/doc/49849673/21/RC4-Algorithm

**Resources**

**Decryption**

**RC4 Description**

Advantages

Disadvantages

Analysis of RC4

i=1 , j=1 , S = {2, 1, 3, 0}

i = i + 1 = 2

j = j + S[ i ] = 1 + 3 = 4 (mod 4) = 0

Swap S[ i ] and S[ j ]: S = {3, 1, 2, 0}

Output z = S[ S[ i ] + S[ j ] ] = S[1] = 1

Z = 1 ( 0000 0001 )

I

0100 1001

XOR 0000 0001

0100 1000

Result : Plaint Text : 0100 1000 0100 1001

Cipher Text: 0100 1011 0100 1000

Reset i = j = 0, Recall S = {2, 1, 3, 0}

i = i + 1 = 1

j = j + S[ i ] = 0 + 1 = 1

Swap S[ i ] and S[ j ]: S = {2, 1, 3, 0}

Output z = S[ S[ i ] + S[ j ] ] = S[2] = 3

Z = 3 ( 0000 0011 )

H 0100 1000

XOR

3 0000 0011

------------------------------

0100 1011

PRGA

Third Iteration (i = 2, j = 0, S = {0, 1, 2, 3}):

j = (j + S[ i ] + K[ i ]) = (0 + 2 + 1) = 3

Swap S[ i ] with S[ j ]: S = {0, 1, 3, 2}

Fourth Iteration (i = 3, j = 3, S = {0, 1, 3, 2}):

j = (j + S[ i ] + K[ i ]) = (3 + 2 + 7) = 0 (mod 4)

Swap S[ i ] with S[ j ]: S = {2, 1, 3, 0}

**KSA**

First Iteration (i = 0, j = 0, S = {0, 1, 2, 3}):

j = (j + S[ i ] + K[ i ]) = (0 + 0 + 1) = 1

Swap S[ i ] with S[ j ]: S = {1, 0, 2, 3}

Second Iteration (i = 1, j = 1, S = {1, 0, 2, 3}):

j = (j + S[ i ] + K[ i ]) = (1 + 0 + 7) = 0 (mod 4)

Swap S[ i ] with S[ j ]: S = {0, 1, 2, 3}

**KSA**

PRGA Contd.

LifeSmiler@gmail.com

RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed “Rivest Cipher 4”.

RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list.

and from there to many sites on the Internet. RC4 has become part of some commonly used encryption protocols and standards, including WEP and WPA for wireless cards.

* Faster than DES

* Enormous key space (average of 1700 bits)

* RC4 is used in popular protocols such as Secure Sockets Layer (SSL)

and (to protect Internet traffic) SSL In 802.11 WEP

(to secure wireless networks).

* Large number of “weak” keys 1 of 256

* “Weak” keys can be detected and exploited with a high probability

KSA (Key Scheduling Algorithm)

PRGA (Pseudo Random Generation Algorithm)

Notation:

S = {0, 1, 2, … N-1} is the initial permutation

l = length of k