14. Stream ciphers. Prg

A stream cipher is a symmetric encryption algorithm. stream ciphers process the message bit by bit (as a stream). typically have a (pseudo) random stream key. combined (XOR) with plaintext bit by bit. randomness of stream key completely destroys any statistically properties in the message. Advantage - fast cipher. Using - encryption of the audio and video. information C_i = M_i XOR StreamKey_i

Itself synchronous stream cipher

The opentext letters are encrypted dependently of the anotheropentext letters. And they also takes participants in the keyword forming.

Synchronous stream cipher

Keyword forms independently of the every opentext letter. And every letter encrypted independently from another letters too.

As the keyword you can use initial value of the random generator

-Use a pseudorandom generator PRG to produce the sequence a(1), …a(n)

-The PRG extends a short “seed” into a long“pseudorandom” string, i.e.,

PRG (K)= a(1), …a(n)

-The seed is the secret key K

Security depends on the design of PRG.

-PRG is a broad concept.

-For cryptographic use, a PRG must be unpredictable:

-Next bit test: Given an initial segment, it should not be possible to efficiently guess the next bit.

-Statistical Tests: The generated pseudorandom sequence should pass all polynomial time statistical tests.

The above notions are equivalent.

when using a Pseudo-Random Generator (PRG)

• the generated stream must be:

  • statistically random (like result of coin tossing)

  • (know part of seq not enough)

• PRG may be controlled just by key influencing:

  • next-state function (output feedback mode)

  • outputfunction (countermode)

• PRG may be controlled both by data and key:

  • output function (cipher feedback mode)

15. Stream ciphers. Rc4

RC4 is a stream cipher designed by Rivest for RSA Data Security (now RSA Security). It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10¹⁰⁰. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. Independent analysts have scrutinized the algorithm and it is considered secure.

RC4 is used for file encryption in products such as RSA SecurPC .It is also used for secure communications, as in the encryption of traffic to and from secure web sites using the SSL protocol

RC4 Key Schedule:

-basic idea is to start with an array of numbers: 0..255

-and well and truly shuffle this up, controlled by the key

-this array S forms the internal state of the cipher

-given a key k of length l bytes

• i = j = 0

• initialisearray S to {0, 1, 2, ..., 255}

• repeat 256 times

• j += S[i] + k[i mod l] (mod 256)

• swap(S[i], S[j])

increment i

RC4 Encryption

-to encrypt we continue to shuffle array entries

-and use the sum of the pair we shuffled as the "stream key"

-which then XOR with the next byte of the message

• i = j = 0

• foreachmessagebyte

• i = i + 1 (mod 256)

• j = j + S[i] (mod 256)

• swap(S[i], S[j])

• t = (S[i] + S[j]) (mod 256)

• C = M XOR S[t]

RC4 Security

-is claimed secure against known cryptanalyses

-result is very non-linear

-the first group of outputs correlate with key

-so in practise should discard first 256 outputs

-also, being a stream cipher, should never reuse a key

-also after a few GB, see some values occuring slightly too often

-but none of these really a major practical issue