This document analyzes a hybrid cipher algorithm created by combining the TripleDES block cipher with the RC4 stream cipher. It describes the encryption and decryption processes of the hybrid cipher. Performance and secrecy of the hybrid cipher, TripleDES, and RC4 are evaluated by measuring encryption time and calculating secrecy values using Shannon's information theory for different sizes of input data ranging from 5KB to 100KB. Results show the hybrid cipher has comparable encryption time to TripleDES and more stable secrecy values than TripleDES or RC4.

1. IFRSA’s International Journal Of Computing|Vol2|issue 2|April 2012 397
Analysis of a Hybrid Cipher Algorithm for Data Encryption
T.D.B Weerasinghe
BSc.Eng(Hons), MIEEE, AMIE(SL), MSc.Eng candidate, Department of Electrical and Electronic
Engineering, University of Peradeniya, Peradeniya 20400, Sri Lanka
ABSTRACT
Block and stream ciphers can be joined in order to obtain hybrid algorithms and the main idea of combining can be
enhancing the security of the cipher. This paper is presented to illustrate a hybrid algorithm created by combining a
block cipher algorithm, TripleDES (ECB mode) and a stream cipher algorithm, RC4.
In the encryption mode, first the plain text is encrypted by TripleDES; then the particular cipher text is encrypted by
RC4. In the decryption mode, first the cipher text is decrypted by RC4 and then by TripleDES to decrypt again and
obtain the original text. Input (plain text) is given as a text file.
Performance (encryption time) and secrecy (according to the theories of Shannon) of cipher are analysed over the
input data size.
Key words:TripleDES, RC4, Encryption time, Secrecy of ciphers.
1. INTRODUCTION
There are many ways to combine cryptographic algorithms to get new algorithms. The impetus behind these
combinations is increasing security[1]. In this research, the focus was, combining a block cipher with a stream
cipher to obtain a hybrid cipher and then analyze the performance of the encryption procedure and secrecy level of
the cipher. Motivation for this research is the feeling that the eavesdroppers who aim block ciphers and stream
ciphers alone might find it difficult to break the combined cipher. Block ciphers are strong in security but poor in
performance whereas stream ciphers are poor in security and strong in performance. Thus, the feeling of combining
these two lead me to obtain something in between.
So, TripleDES (168 bit key) and RC4 (128 bit key) are combined together in-order to obtain the hybrid cipher.
Performance of the proposed hybrid algorithm is compared with that of TripleDES and RC4. Performance is
measured as the encryption time of each algorithm for a given input. Input has been varied from 5KB to 100KB
(input is a text file, read by the relevant Java program)
Secrecy of the cipher of the proposed hybrid algorithm is also compared with that of TripleDES and RC4. Secrecy is
measured according to the Shannon’s theorems on Entropy and Secrecy of Ciphers. There also the input has been
varied from 5KB to 100KB, same as in the previous analysis.
2. METHODS
STEP 1:
In this research TripleDES (in ECB mode with PKCS5Padding which are used as the default mode and padding
schemes for TripleDES provided by SunJCE) and RC4 are combined to encrypt and decrypt a message.
After the final permutation of the TripleDES’s third round (i.e. the 16th
round of the third encryption cycle of
TripleDES) the cipher is converted to a bit stream and encrypted using RC4. Then it is decrypted using the same
algorithm used in RC4 encryption and the particular resultant cipher bit stream is converted to block of bits and those
are decrypted using the TripleDES decrypting operation.
Three Java programs are written to implement the algorithms TripleDES, RC4 and the Hybrid. Java’s cryptography
package is used to implement the algorithms. Hence the default key sizes provided by SunJCE are used. [4]
International journal of Computing
Journal homepage: www.ifrsa.org

2. T.D.B Weerasinghe| Analysis of a Hybrid Cipher Algorithm for Data Encryption
IFRSA’s International Journal Of Computing|Vol2|issue 2|April 2012 398
Fig.1 Combination of TripleDES and RC4[3]
Fig.2 Java Cryptography Package[2]
STEP 2:
Performance of the each algorithm should be measured in order to get an idea of the cost friendliness of the
algorithm. Data ranging from size 5KB to 100KB (text files) are given to each algorithm (TripleDES, RC4 and
Hybrid respectively) to encrypt and the encryption time is measured using Java’s time calculation scenarios. Analysis
is done by comparing the encryption time of all the three algorithms.
A separate Java program is written in-order to calculate the execution times of the ciphers generated by each of the
algorithms. (TripleDES, RC4 and the Hybrid)
STEP 3:
Ciphers of the Algorithms should be analyzed in order to measure the security strength of it. As the measurement
criteria, in this research, the Secrecy of Ciphers is used.
Leading to the calculation of the secrecy value of a cipher, the following theories have been followed!
Definition of ‘entropy’:
The entropy of a message M, denoted H(M), is the amount of information in the message. It corresponds to the
minimum number of bits needed to encode all possible meanings of the message, assuming all messages are equally
likely. [5]
 The entropy of a given message X is defined by the weighted average:
 H(X) = - Σ{1≤i≤n} p(Xi)log2 p(Xi)
Definition of ‘uncertainty’:
The uncertainty of a message corresponds to the number of plaintext bits that must be recovered when the message
is scrambled in ciphertext in order to learn the plaintext. The uncertainty of a message is measured by its entropy. [5]
Definition of ‘equivocation’:
The equivocation is the uncertainty of a message that can be reduced by given additional information. [5]
 The equivocation is the conditional entropy of X given Y:
 HY(X) = - Σ{X,Y} p(X,Y)log2 pY(X)

3. T.D.B Weerasinghe| Analysis of a Hybrid Cipher Algorithm for Data Encryption
IFRSA’s International Journal Of Computing|Vol2|issue 2|April 2012 399
= -Σ{Y} p(Y)Σ{X} pY(X)log2 (p Y(X))
Definition of secrecy:
The secrecy of a cipher is measured in terms of the key equivocation Hc(K) of a key K for a given ciphertext C; that
is the amount of uncertainty in K given C: [5]
 Hc(K) = -Σ{C} p(C)Σ{K} pc(K)log2 (pc(K))
Note: This is used in the secrecy calculation in this research and the above equations are illustrated from theories
of Shannon related to entropy and secrecy. Claude Elwood Shannon [April 30, 1916 – February 24, 2001] is
called the Father of Information Theory.
Secrecy values are calculated for each cipher of the three algorithms (TripleDES, RC4 and the Hybrid) for input data
ranging from size 5KB to 100KB.
Average encryption times and secrecy of ciphers are calculated after 5 rounds of testing for each input (each text file)
3. RESULTS
INPUT DATA
SIZE/KB
AVERAGE ENCRYPTION TIME/ms
TripleDES(3DES) RC4 Hybrid Algorithm
5 22 9.4 25.2
10 24.8 9.4 31
15 28.4 1.6 31.2
20 28.2 3.2 31.8
25 31 9.4 28
30 29.8 9.2 27.8
35 30 10.8 31.8
40 33.2 12.8 32
45 34 11.4 36
50 33.4 11.2 34
55 35.4 11 37
60 35 11.2 36.4
65 37 11 39.5
70 39.3 11.5 39
75 40.5 11 40.5
80 39.5 9.4 37.2
85 37.4 12.6 43.4
90 47 15 43.6
95 47 6.4 39
100 46.4 6.4 47
Table.1 Average Encryption Times of the Algorithms for similar inputs

4. T.D.B Weerasinghe| Analysis of a Hybrid Cipher Algorithm for Data Encryption
IFRSA’s International Journal Of Computing|Vol2|issue 2|April 2012 400
Fig.3 Average Encryption Time vs. Data Size
INPUT DATA SIZE/KB
AVERAGE SECRECY VALUE
TripleDES RC4 Hybrid Algorithm
5 0.128433408 0.17480747 0.215101274
10 0.308858194 0.16832912 0.229507753
15 0.200804304 0.1585643 0.223708079
20 0.363490184 0.16556034 0.220657567
25 0.26001987 0.17118074 0.231303128
30 0.237138551 0.17770687 0.22593549
35 0.201835278 0.18044321 0.237518095
40
0.327427522 0.17294332 0.237910337
45 0.239508702 0.17469719 0.239328159
50 0.174385837 0.15607884 0.235069715
55 0.354634619 0.17911076 0.225973132
60 0.324950271 0.16998157 0.23258963
65 0.407747905 0.18945935 0.234729998
70 0.139060063 0.15935405 0.237956204
75 0.128660882 0.15917461 0.233547191
80 0.154629452 0.18243486 0.242777805
85 0.146645331 0.16382689 0.240819397
90 0.159713292 0.18480739 0.242417182
95 0.140878024 0.19212304 0.232567338
100 0.162850973 0.18449194 0.229123519
Table.2 Average Secrecy Values of TripleDES, RC4 and Hybrid algorithms for similar inputs
Fig.4 Secrecy Value vs. Data Size
4. CONCLUSION
Conclusion with respect to the performance of the algorithms:
Proposed hybrid algorithm is more expensive than RC4 but goes parallel with TripleDES. Thus, the results
emphasize, generally the cost of the algorithm is higher than that of RC4 which is a very cost effective stream cipher
algorithm but it is quite similar to TripleDES in terms of the cost. When the size of the plain text is increased, the
performance lies at the low end. (Refer Fig.3)
Conclusion with respect to the secrecy of ciphers of the algorithms:
Secrecy of the ciphers is measured using the Shannon’s theories; so the results emphasize that the proposed hybrid
algorithm has a secrecy variation very much as a sinusoidal variation with small amplitude, whereas TripleDES

5. T.D.B Weerasinghe| Analysis of a Hybrid Cipher Algorithm for Data Encryption
IFRSA’s International Journal Of Computing|Vol2|issue 2|April 2012 401
(ECB mode) has drastic changes of the secrecy (even though it is higher than that of the hybrid) and RC4 has very
low level of secrecy, close to zero, as the size of the plain text is increased. Thus the secrecy of the hybrid cipher is
more stable than that of TripleDES and RC4. (Refer Fig.4)
Conclusion in general:
Average secrecy of the hybrid cipher is not drastically changing over the input data size. It is moderately distributed
without any drastic changes like that of TripleDES. Hence, it can be considered like an algorithm which has a stable
secrecy regardless of input data size. TripleDES has an unpredictable secrecy which deviates quite frequently. It may
arouse vulnerabilities to attacks. Average secrecy values of ciphers of RC4 are lying on the lower level as it is a
stream cipher. This mixture will confuse the eavesdroppers who aim TripleDES alone and RC4 alone.
But when the cost of the algorithms is concerned the hybrid is more expensive than the other two. At the beginning
of the research the imagination was the average secrecy value of the hybrid cipher would be far better than that of
TripleDES and RC4; but at the end a quite interesting result was obtained to show that it lies in between but more
stable than TripleDES as well as not lower than RC4. Thus idea of combining two types of symmetric key algorithms
has left a doubt behind in a way that can be solved by a future work of checking the vulnerability of these three
algorithms to a common plain text attack or even a brute-force one!
As another future work, key size of the two algorithms can be changed and analyzed. Over the variable key length,
the average encryption time and average secrecy value can be plotted and studied!
REFERENCES
[1] Mailewa, D.M.A.B., Weerasinghe T.D.B., Perera S.P.J., Munasinghe C.A., 2008: Types and Modes
Combined Algorithm for Data Encryption and Decryption, proceedings, 13th
Peradeniya University Research
Sessions, Peradeniya, Sri Lanka, 181-182
[2] Sachin Majithia, Kumar Dinesh, 2010: ‘Implementation and Analysis of AES, DES and Triple DES on GSM
Network’, IJCSNS International Journal of Computer Science and Network Security, VOL.10 No.1, 298-303
[3] Stallings, William, 2005: Cryptography and Network Security, Forth Edition: Principles and Practices,
Prentice Hall, 592
[4] http://docs.oracle.com/javase/6/docs/technotes/guides/security/SunProviders.html
[5] www.ece.uvic.ca/~itraore/elec567-04/notes/elec6704-6-2.pdf