RC4 vs E0 A Comparative Study

1
RC4 vs E0 - A Comparative Study

• By Omar Faruk

2
Outlines

• What is RC4 E0 ?
• How they work ?
• Practical Usage
• Known Attacks
• Comparision

3
What is RC4 ?

• RC4 is the most widely-used Stream Cipher
• Designed by Ron Rivest of RSA Security in 1987
• RC stands for Ron's Code or Rivest's Cipher
  algorithm
• Also known as ARC4 (Alleged RC4 )
• Design of the cipher was kept as a Trade Secret
  until 1994
• RC4 uses a variable length key to initialize a
  State table
• The state table is used for subsequent generation
  of pseudo-random bytes

4
How RC4 works ?(1)

• RC4 generates a pseudorandom stream of bits
  (keystream)
• For Encryption, keystream is combined with the
  plaintext using XOR. Decryption is performed in
  the same way.
• To generate the keystream, the cipher makes use
  of a secret internal state which consists of two
  parts.
• A permutation of all 256 possible bytes
• Two 8-bit index-pointers
• The RC4 algorithm works in two phases, key setup
  and ciphering
• Key setup phase can be further divided into two
  parts
• Key-Scheduling Algorithm (KSA)
• Pseudo-Random Generation Algorithm (PRGA)

5
How RC4 works ?(2)

• Key-Scheduling Algorithm (KSA) - Initialise the
  permutation in array
• Pseudo-Random Generation Algorithm (PRGA) -
  Modifies the state and outputs a single byte of
  the keystream

for i from 0 to 255 Si I j 0 for i
from 0 to 255 j (j Si keyi mod
keylength) mod 256 swap(Si,Sj)
i 0 j 0 while GeneratingRandomKey i
(i 1) mod 256 j (j Si) mod 256
swap(Si,Sj) output S(Si Sj) mod 256
6
What is E0 ?

• E0 is a stream cipher used in the Bluetooth
  protocol
• Generates a sequence of pseudorandom numbers and
  combines it with the data using the XOR operator
• The E0 algorithm consists of three elements
• The Keystream Generator
• The Payload Key Generator
• The Encryption/Decryption Component
• A keystream is generated as a function of the
  encryption key
• Uses four Linear Feedback Shift Registers (LFSR)
  with lengths 25, 31, 33, 39 and primitive
  feedback polynomials
• ex. p1(x) x25 x20 x12 x8 1

7
How E0 works ?

• E0 generates a bit using four shift registers of
  differing lengths two internal states, each 2
  bits long
• At each clock tick, the registers are shifted and
  the two states are updated with the current state
• Four bits are then extracted from the shift
  registers and added
• The algorithm XORs that sum with the value in the
  2-bit register
• The first bit of the result is output for the
  encoding

8
Practical Usage of RC4 E0

• Usage of RC4
• Used in Secure Sockets Layer (SSL) to protect
  Internet traffic
• Also used in WEP WPA to secure wireless
  networks
• Microsoft Point-to-Point Encryption (MPPE) uses
  RC4 for encrypting data across Point-to-Point
  Protocol and Virtual Private Network links
• Usage of E0
• Used in the Bluetooth protocol to encrypt payloads

9
Known Attacks of RC4 E0

• Known Attacks of RC4
• Initialization starts from a known state. The
  first byte of the RC4 key-stream are
  distinguishable from random output, and reveal
  information about the key.
• RC4 was used in a very insecure way in the WEP
  protocol
• No method to distribute initial keys
• Poor handling of IVs
• No dropping of the first key-stream bytes
• Known Attacks of E0
• There exist algebraic attacks against E0 key
  stream generator
• Lu, Meier and Vaudenay published a cryptanalysis
  of E0 based on a correlation attack

10
Comparision Between RC4 E0

• Key Length -
• RC4 - Usually 5 to 16 bytes
• E0 - Generally 16 bytes
• Initialization Vector -
• RC4 - 8 bits
• E0 - 132 bit
• Implementation -
• RC4 - Software Based
• E0 - Hardware Based
• Speed Memory
• Simplicity

11
Questions ???
12
Thank You