As use of the Internet becomes more and more popular, many transactions are carried out online, for example banking transactions, purchases, and access to personal records (e.g., medical records, academic records, etc.). Frequently, personal or private information (e.g., account numbers, passwords, personal messages, etc.) is sent via public networks, such as the Internet. To protect this personal or private information, various encryption techniques are often used to encrypt it before it is sent over the public networks.
One conventional data encryption technique is arcfour. A conventional arcfour stream cipher is generally fast and simple, but its simple key scheduling algorithm makes the encryption vulnerable to equivalent key recovery attacks. Furthermore, arcfour does not natively support per-message nonces to ensure that messages are enciphered using different key streams.
According to one conventional approach, arcfour is rekeyed by using an iterative method, running over a key interpreted as a sequence of unsigned quantities in the range of 0 to 255. The current state of the stream cipher is stored in an array of 256 unsigned quantities in the range of 0 to 255. Alongside the array, the state includes two further unsigned quantities in the range of 0 to 255, which are used to index the array. Conventionally, this array is referred to as an S array, and the two indices are referred to as i and j.
One conventional arcfour is keyed by initializing the S array to contain the sequence of integers 0 through 255 in order, i.e., S[0]=0, S[1]=1, ..., and S[255]=255; and j is set to 0. The key is interpreted as a sequence of byte values, repeated as necessary to form a sequence of 256 unsigned values in the range of 0 to 255, which may be referred to as a K array. Then i is iterated through the sequence of values of 0 through 255, and for each value, the sum of S[i] and K[i] is added to the value of j, and the result is masked to 8 bits. Then the ith and jth entries of S are swapped. After the iterations, i and j are set to zero. Output bytes are generated from this state by incrementing i and keeping the low eight (8) bits, adding S[i] to j, and again keeping the low 8 bits. The ith and jth elements of the S array are swapped, and the S[i]+S[j] (mod 256) element of the S array is returned.
The operations of the above conventional arcfour stream cipher are simple and quick. Unfortunately, in the key setup as given, the value of j evolves as a function of the sum of the key bytes up to that point. This dependence shows up in the output, which is biased enough to potentially allow others to reconstruct the keys from the first several output bytes.
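The key setup and byte generation described above, written out as an added Python example (not code from the original document), together with a measurement of how strongly the scheduled S array depends on running sums of key bytes. The function names, the 16-byte random keys and the fixed seed are assumptions made for the illustration; the check goes slightly beyond the text by testing the relation S[y] = y(y+1)/2 + K[0] + ... + K[y] (mod 256) for the first few positions.

```python
import random

def key_schedule(key: bytes) -> list:
    """Key setup: S starts as 0..255, and j accumulates S[i] + K[i] masked to 8 bits."""
    s = list(range(256))
    j = 0
    for i in range(256):
        # K is the key repeated as necessary to 256 bytes
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def keystream(key: bytes, n: int) -> bytes:
    """Generate n output bytes from a freshly keyed state (i and j reset to zero)."""
    s = key_schedule(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def key_sum_leak_rate(y: int, trials: int = 2000, seed: int = 1) -> float:
    """Fraction of random keys for which S[y] after key setup equals
    y(y+1)/2 + K[0] + ... + K[y] (mod 256).
    A permutation independent of the key would match about 1/256 of the time."""
    rng = random.Random(seed)  # fixed seed: constructed, reproducible sample keys
    hits = 0
    for _ in range(trials):
        key = bytes(rng.randrange(256) for _ in range(16))
        predicted = (y * (y + 1) // 2 + sum(key[: y + 1])) & 0xFF
        hits += key_schedule(key)[y] == predicted
    return hits / trials

if __name__ == "__main__":
    # Sanity check against a widely published test vector for the key "Key"
    print(keystream(b"Key", 9).hex())
    for y in range(4):
        print(f"S[{y}] matches key-sum prediction: {key_sum_leak_rate(y):.3f} "
              f"(independent baseline {1 / 256:.4f})")
```

For y = 0 the relation holds right after the first swap and survives unless j lands on index 0 in one of the remaining 255 iterations, which gives a rate near (255/256)^255, roughly 0.37, against the 1/256 expected if the permutation were independent of the key.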