===RC4A===
[[Souradyuti Paul]] and [[Bart Preneel]] have proposed an RC4 variant, which they call RC4A.<ref>{{Citation |chapter=A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher |author1=Souradyuti Paul |author-link1=Souradyuti Paul |author2=Bart Preneel |author-link2=Bart Preneel |chapter-url=http://homes.esat.kuleuven.be/~psourady/publication-info/PP04-bias_rc4.htm |year=2004 |title=Fast Software Encryption, FSE 2004 |series=Lecture Notes in Computer Science |volume=3017 |publisher=Springer-Verlag |isbn=978-3-540-22171-5 |pages=245–259 |doi=10.1007/978-3-540-25937-4_16 |access-date=2011-11-04|doi-access=free }}</ref>

RC4A uses two state arrays {{mono|S1}} and {{mono|S2}}, and two indexes {{mono|<var>j1</var>}} and {{mono|<var>j2</var>}}. Each time {{mono|<var>i</var>}} is incremented, two bytes are generated:
# First, the basic RC4 algorithm is performed using {{mono|S1}} and {{mono|<var>j1</var>}}, but in the last step, {{mono|S1[<var>i</var>]+S1[<var>j1</var>]}} is looked up in {{mono|S2}}.
# Second, the operation is repeated (without incrementing {{mono|<var>i</var>}} again) on {{mono|S2}} and {{mono|<var>j2</var>}}, and {{mono|S1[S2[<var>i</var>]+S2[<var>j2</var>]<nowiki>]</nowiki>}} is output.

Thus, the algorithm is:

 <span style="color: green;">''All arithmetic is performed modulo 256''</span>
 i := 0
 j1 := 0
 j2 := 0
 '''while''' GeneratingOutput:
     i := i + 1
     j1 := j1 + S1[i]
     [[Swap (computer science)|swap values]] of S1[i] and S1[j1]
     '''output''' S2[S1[i] + S1[j1]<nowiki>]</nowiki>
     j2 := j2 + S2[i]
     swap values of S2[i] and S2[j2]
     '''output''' S1[S2[i] + S2[j2]<nowiki>]</nowiki>
 '''endwhile'''

Although the algorithm requires the same number of operations per output byte, there is greater parallelism than RC4, providing a possible speed improvement.

Although stronger than RC4, this algorithm has also been attacked, with Alexander Maximov<ref>{{Citation |title=Two Linear Distinguishing Attacks on VMPC and RC4A and Weakness of RC4 Family of Stream Ciphers |author=Alexander Maximov |url=http://eprint.iacr.org/2007/070 |date=22 February 2007 |id=Cryptology ePrint Archive: Report 2007/070 |access-date=2011-11-04}}</ref> and a team from NEC<ref name="nec">{{Citation |title=The Most Efficient Distinguishing Attack on VMPC and RC4A |url=http://www.ecrypt.eu.org/stream/papersdir/037.pdf |year=2005 |author1=Yukiyasu Tsunoo |author2=Teruo Saito |author3=Hiroyasu Kubo |author4=Maki Shigeri |author5=Tomoyasu Suzaki |author6=Takeshi Kawabata}}</ref> developing ways to distinguish its output from a truly random sequence.
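
The two-array round described above, written out as an added Python example; it is not code from the cited paper or from this article. The function names are hypothetical, and because this section does not say how {{mono|S1}} and {{mono|S2}} are initialised, filling each array with the standard RC4 key schedule from its own key is an assumption made only so the example runs.

```python
"""RC4A keystream generation, following the pseudocode in this section."""


def rc4_ksa(key: bytes) -> list[int]:
    """Standard RC4 key schedule. Using it once per array, with two
    separate keys, is an assumption of this example."""
    if not 1 <= len(key) <= 256:
        raise ValueError("key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s


def rc4a_keystream(s1: list[int], s2: list[int], n: int) -> bytes:
    """Return the first n keystream bytes; s1 and s2 are updated in place."""
    for s in (s1, s2):
        if sorted(s) != list(range(256)):
            raise ValueError("state must be a permutation of 0..255")
    out = bytearray()
    i = j1 = j2 = 0
    while len(out) < n:
        i = (i + 1) % 256                       # i advances once per pair
        j1 = (j1 + s1[i]) % 256
        s1[i], s1[j1] = s1[j1], s1[i]
        out.append(s2[(s1[i] + s1[j1]) % 256])  # index from S1, byte from S2
        j2 = (j2 + s2[i]) % 256
        s2[i], s2[j2] = s2[j2], s2[i]
        out.append(s1[(s2[i] + s2[j2]) % 256])  # index from S2, byte from S1
    return bytes(out[:n])                       # drop the extra byte if n is odd


def rc4a_xor(key1: bytes, key2: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    ks = rc4a_keystream(rc4_ksa(key1), rc4_ksa(key2), len(data))
    return bytes(d ^ k for d, k in zip(data, ks))


if __name__ == "__main__":
    # Constructed input: identity permutations make the rounds easy to trace.
    print(list(rc4a_keystream(list(range(256)), list(range(256)), 6)))
```

Starting both arrays from the identity permutation is useful only for tracing the rounds by hand: the two arrays then evolve identically, so every pair of output bytes is equal.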