Of all the stream ciphers, RC4 is the widely used stream cipher due to its speed of operations and simplicity.

RC4 variants

RC4 has 4 variants to it. They are:

SPRITZ: Spritz is used to build:

a) Cryptographic hash function b) Deterministic random bit generator (DRBG) c) Encryption algorithm which supports Authenticated Encryption with Associated Data (AEAD)

RC4A: This is a stronger variant than RC4. VMPC: It stands for Variably Modified Permutation Composition.RC4A+: RC4A+ as the name suggests is a modified version of RC4 with a more complex three-phase key schedule and takes 1.7 times as long as basic RC4.

Working of RC4

RC4 makes use of KSA and PRGA Algorithms. Explanation and working of these algorithms is out of scope. Let’s understand how encryption and decryption takes place in RC4.

Encryption

User inputs plain text and a secret key. The encryption engine generates the keystream by using KSA and PRGA Algorithms for the secret key entered. The generated keystream is XORed with plain text. Since RC4 is a stream cipher, XORing is done byte by byte and encrypted text is produced. This encrypted text is now sent to the intended receiver in encrypted form.

Example

Plain Text: 10011001 Keystream: 11000011 ——————————– Cipher Text: 01011010

Decryption

Steps

For decryption, ciphertext and the same keystream is required which was used for encryption. The ciphertext and the keystream produce plain text using XOR Operation. The ciphertext is XOR’ed with keystream bit by bit to produce PlainText.

Example

Cipher Text: 01011010 Keystream: 11000011 ———————-  Plain Text: 10011001

Advantages of RC4

RC4 is simple to use. Speed of operation is fast as compared to other cipher suites. RC4 cipher is easy to implement. RC4  does not consume more memory. For large streams of data, RC4 is the preferred choice.

Disadvantages of RC4

If a strong MAC is not used, RC4 is vulnerable to a bit-flipping attack. RC4 does not support authentication. RC4 is not feasible to be implemented on small streams of data.

Attacks on RC4

RC4 is vulnerable to following attacks – 

Fluhrer, Mantin and Shamir attack Klein’s attack Combinatorial Problem Royal Holloway Attack Bar-mitzvah Attack NOMORE Attack

RC4 applications

RC4 application has been found in – 

WPA  BitTorrent protocol encryption WEP Microsoft Office XP  Microsoft Point-to-Point Encryption Transport Layer Security / Secure Sockets Layer Secure Shell (optionally) Remote Desktop Protocol Kerberos SASL Mechanism Digest-MD5 PDF Skype

 

Sources

https://www.geeksforgeeks.org/rc4-encryption-algorithm/  https://paginas.fe.up.pt/~ei10109/ca/rc4.html  https://tutorialspoint.dev/computer-science/computer-network-tutorials/computer-network-rc4-encryption-algorithm