# CHAPTER 17

# Other Stream Ciphers and Real Random-Sequence Generators

## 17.1 RC4

RC4 is a variable-key-size stream cipher developed in 1987 by Ron Rivest for RSA Data Security, Inc. For seven years it was proprietary, and details of the algorithm were only available after signing a nondisclosure agreement.

In September, 1994 someone posted source code to the Cypherpunks mailing list—anonymously. It quickly spread to the Usenet newsgroup sci.crypt, and via the Internet to ftp sites around the world. Readers with legal copies of RC4 confirmed compatibility. RSA Data Security, Inc. tried to put the genie back into the bottle, claiming that it was still a trade secret even though it was public; it was too late. It has since been discussed and dissected on Usenet, distributed at conferences, and taught in cryptography courses.

RC4 is simple to describe. The algorithm works in OFB: The keystream is independent of the plaintext. It has a 8 * 8 S-box: *S*_{0}, *S*_{1}, . . ., *S*_{255}. The entries are a permutation of the numbers 0 through 255, and the permutation is a function of the variable-length key. It has two counters, *i* and *j*, initialized to zero.

To generate a random byte, do the following:

*i* = (*i* + 1) mod 256

*j* = (*j* + *S*_{i}) mod 256

swap *S*_{i} and *S*_{j}

*t* = (*S*_{i} + *S*_{j}) mod 256

*K* = *S*_{t}

The byte *K* is XORed with the plaintext to produce ciphertext or XORed with the ciphertext to produce plaintext. Encryption is fast—about 10 times faster than DES.

Initializing the S-box is also easy. First, fill it linearly: ...