RC4 is a stream cipher created in 1987. It was initially a trade secret but was later posted online. RC4 is fast and simple to implement, making it popular despite weaknesses in its key scheduling algorithm. RC4 has a large key space but around 1 in 256 keys are weak. Attacks exist against RC4's KSA that can help determine parts of the encryption key. While RC4 remains in common use, its weaknesses have led experts to recommend moving away from its use where possible.

1. RC4 Encryption

2. Overview
History

Discussion of RC4 Algorithm
Analysis of RC4

Weaknesses of RC4
Example




3. History
RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially
termed “Rivest Cipher 4”.

RC4 was initially a trade secret, but in September 1994 a description of it was
anonymously posted to the Cypherpunks mailing list.

and from there to many sites on the Internet. RC4 has become part of some
commonly used encryption protocols and standards, including WEP and WPA
for wireless cards.

The main factors in RC4's success over such a wide range of applications are
its speed and simplicity: efficient implementations in both software and
hardware are very easy to develop.


4. Analysis of RC4
Advantages 
Faster than DES 
Enormous key space (average of 1700 bits) 
RC4 is used in popular protocols such as Secure Sockets Layer (SSL)
(to protect Internet traffic) SSL and
In 802.11 WEP(to secure wireless networks).


Disadvantages 
Large number of “weak” keys 1 of 256 
“Weak” keys can be detected and exploited with a high probability 

5. Weaknesses of RC4
Almost all weaknesses are in the KSA since attacking the PRGA is fairly 
infeasible due to the huge effective key. The fastest known method requires
2700 time.
The KSA can be attacked with several methods mainly because of the simple
initialization permutation used.
Invariance Weakness is the most devastating attack. 
(5% chance of guessing one or more bytes of the key.) 


6. RC4 Description
Symmetric

Stream Cipher

Two main parts:

KSA (Key Scheduling Algorithm)

PRGA (Pseudo Random Generation Algorithm)
Notation:


S = {0, 1, 2, … N-1} is the initial permutation
l = length of



7. RC4 Description

8. Encryption

9. Decryption

10. RC4 Example
Simple 4-byte example
S = {0, 1, 2, 3}

K = {1, 7, 1, 7}

Set i = j = 0



11. KSA
K = {1, 7, 1, 7}
S[0]
K[0]
First Iteration (i = 0, j = 0, S = {0, 1, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (0 + 0 + 1) = 1
Swap S[ i ] with S[ j ]: S = {1, 0, 2, 3}
S[i]
S = {0,1, 2, 3}
S[j]
Second Iteration (i = 1, j = 1, S = {1, 0, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (1 + 0 + 7) = 0 (mod 4)
Swap S[ i ] with S[ j ]: S = {0, 1, 2, 3}

12. KSA
K = {1, 7, 1, 7}
S[0]
K[0]
First Iteration (i = 0, j = 0, S = {0, 1, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (0 + 0 + 1) = 1
Swap S[ i ] with S[ j ]: S = {1, 0, 2, 3}
Second Iteration (i = 1, j = 1, S = {1, 0, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (1 + 0 + 7) = 0 (mod 4)
Swap S[ i ] with S[ j ]: S = {0, 1, 2, 3}
S[i]
1
S = {0 ,1 , 2, 3}
0
S[j]

13. KSA
K = {1, 7, 1, 7}
S[0]
K[0]
First Iteration (i = 0, j = 0, S = {0, 1, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (0 + 0 + 1) = 1
Swap S[ i ] with S[ j ]: S = {1, 0, 2, 3}
Second Iteration (i = 1, j = 1, S = {1, 0, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (1 + 0 + 7) = 0 (mod 4)
Swap S[ i ] with S[ j ]: S = {0, 1, 2, 3}
1
S = { 1, 0, 2, 3}
0

14. KSA
K = {1, 7, 1, 7}
K[1]
First Iteration (i = 0, j = 0, S = {0, 1, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (0 + 0 + 1) = 1
Swap S[ i ] with S[ j ]: S = {1, 0, 2, 3}
S[1]
Second Iteration (i = 1, j = 1, S = {1, 0, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (1 + 0 + 7) = 0 (mod 4)
Swap S[ i ] with S[ j ]: S = {0, 1, 2, 3}

15. KSA
K = {1, 7, 1, 7}
S[2]
K[2]
Third Iteration (i = 2, j = 0, S = {0, 1, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (0 + 2 + 1) = 3
Swap S[ i ] with S[ j ]: S = {0, 1, 3, 2}
Fourth Iteration (i = 3, j = 3, S = {0, 1, 3, 2}):
j = (j + S[ i ] + K[ i ]) = (3 + 2 + 7) = 0 (mod 4)
Swap S[ i ] with S[ j ]: S = {2, 1, 3, 0}

16. KSA
K = {1, 7, 1, 7}
K[3]
Third Iteration (i = 2, j = 0, S = {0, 1, 2, 3}):
j = (j + S[ i ] + K[ i ]) = (0 + 2 + 1) = 3
Swap S[ i ] with S[ j ]: S = {0, 1, 3, 2}
S[3]
Fourth Iteration (i = 3, j = 3, S = {0, 1, 3, 2}):
j = (j + S[ i ] + K[ i ]) = (3 + 2 + 7) = 0 (mod 4)
Swap S[ i ] with S[ j ]: S = {2, 1, 3, 0}

17. PRGA
For this example we use plaintext “HI”
Reset i = j = 0, Recall S = {2, 1, 3, 0}
i=i+1=1
j = j + S[ i ] = 0 + 1 = 1
Swap S[ i ] and S[ j ]: S = {2, 1, 3, 0}
Output z = S[ S[ i ] + S[ j ] ] = S[2] = 3
Z = 3 ( 0000 0011 )
H
0100 1000
XOR 0000 0011
0100 1011

18. i=1 , j=1 , S = {2, 1, 3, 0}
i=i+1=2
j = j + S[ i ] = 1 + 3 = 4 (mod 4) = 0
Swap S[ i ] and S[ j ]: S = {3, 1, 2, 0}
Output z = S[ S[ i ] + S[ j ] ] = S[1] = 1
Z = 1 ( 0000 0001 )
I
0100 1001
XOR 0000 0001
0100 1000
Result : Plaint Text : 0100 1000 0100 1001
Cipher Text: 0100 1011 0100 1000

19. Resources
Fluhrer, Mantin, Shamir - Weakness in the Key Scheduling Algorithm of RC4. 
http://www.drizzle.com/~aboba/IEEE/rc4_ksaproc.pdf
Stubblefield, Loannidis, Rubin – Using the Fluhrer, Mantin, and Shamir Attack
to Break WEP.

http://www.cs.rice.edu/~astubble/wep/wep_attack.pdf
Rivest – RSA Security Response to Weakness in the Key Scheduling Algorithm of
RC4.
http://www.rsasecurity.com/rsalabs/technotes/wep.html
RC4 Encryption Algorithm. 
http://www.ncat.edu/~grogans/algorithm_breakdown.htm
Computer Network laboratory-RC4 Encryption Algorithm. 
http://www.scribd.com/doc/49849673/21/RC4-Algorithm
