This invention relates generally to data security, and more particularly to a system and method for using a fast hardware implementation of RC4 to encrypt and decrypt files.
In their infancy, computer networks provided a research-oriented environment where users and hosts were interested in a free and open exchange of information, and where users and hosts mutually trusted one another. However, computer networks have grown drastically. For example, the Internet currently interconnects at least 100,000 computer networks and millions of users. Because of the size and openness of many computer networks, computer networks have become a target of theft, data alteration, and other mischief.
Virtually everyone that sends information over many computer networks is vulnerable. Before sending a file over a computer network, companies balance the benefits and ease of transferring a file over the network against the risks of potential unauthorized file access. Companies generally use the security technique of encryption and decryption in an attempt to prevent unauthorized file access.
Many different types of encryption and decryption have been developed to prevent unauthorized file access. Bruce Schneier, author of Applied Cryptography, published by John Wiley and Sons, December 1995, describes RC4 as a variable-key-size stream cipher developed by RSA Data Security, Inc., of San Mateo, Calif., that is one example of a type of encryption/decryption method. RC4 is an encryption method that works in Output-Feedback (OFB) mode. The RC4 keystream is independent of the plaintext, and the algorithm has an 8*8 S-box: S0, S1, . . . , S255.
The RC4 method for encrypting data is shown below in Table 1.
As shown, two indices, i and j are generated to identify locations in a memory. Index j is based on a value, Si, stored in the memory. The values Si and Sj, stored in the memory, are swapped, making the memory dynamic and ever-changing. A third index is then generated to identify a location based on the swapped values. The value stored at that location is used as the key. Because the memory is ever-changing, a hacker would need an exact replica of the memory and values stored therein at that exact moment in time to break the encryption/decryption code.
More particularly, in line 1 of the RC4 key computation algorithm, the variable "i" is incremented by 1, and the incremented value of variable "i" is taken modulo 256. In line 2, "j" acquires the sum of "j" plus Si, and the sum is taken modulo 256. In line 3, the values stored at Si and Sj are swapped. In line 4, "t" acquires the sum of Si plus Sj, modulo 256. In line 5, key "k" acquires the value of St.
The entries of the RC4 encryption method are a permutation of the numbers "0" through "255". The permutation is a function of the variable-length key. The RC4 encryption method has two counters, "i" and "j", that are each initialized to zero. Variable "k" is XORed with the unencrypted message to produce the encrypted message or XORed with the encrypted message to produce the decrypted message. The S-box is filled linearly from S0, S1, . . . , S255. Once one 256 byte array is filled, another 256 byte array is filled with the key. This process of repeating the key as necessary continues until the entire array: k0, k1, . . . , k255 is filled.
A conventional implementation of the RC4 encryption/decryption method would include the steps shown in Table 2.
The conventional implementation of the RC4 encryption/decryption method is generally performed in software. The steps shown in Table 2 repeat until all data is either encrypted or decrypted. As shown, in line 1 of the RC4 key computation software implementation, variable "i" is incremented by 1. Although not shown, a modulo 256 is taken of the incremented value of variable "i". In line 2, load the variable Si and add "j" to the variable Si. Although not shown, a modulo 256 is taken of the sum. In line 3, load Sj. In line 4, perform one half of the swap of memory addresses by first storing Si into Sj. In line 5, complete the swap of memory addresses by storing Sj into Si, and add Si and Sj to generate t. Although not shown, a modulo of the sum is taken. In line 6, load St, and XOR St with the message. Although a conventional software implementation of the RC4 encryption/decryption process eventually encrypts or decrypts a given message or file, this process is processor heavy, costly and requires excessive resource time.
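The following C listing is an added example, not code from the patent: it carries out the conventional software steps described above (increment i, load Si and add to j, load Sj, two stores for the swap, form t, load St and XOR), with each uint8_t cast supplying the modulo 256 the text says is "not shown". The names rc4_state, rc4_init, rc4_next and rc4_crypt are hypothetical, and the mixing loop in rc4_init is the standard RC4 key schedule, which the text above does not spell out.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_state;

/* Fill S linearly (S0..S255), repeat the key into K0..K255, then mix.
 * Assumes keylen >= 1. The mixing loop is standard RC4, not from the page. */
static void rc4_init(rc4_state *st, const uint8_t *key, size_t keylen) {
    uint8_t K[256], tmp, j = 0;
    for (int n = 0; n < 256; n++) { st->S[n] = (uint8_t)n; K[n] = key[n % keylen]; }
    for (int n = 0; n < 256; n++) {
        j = (uint8_t)(j + st->S[n] + K[n]);
        tmp = st->S[n]; st->S[n] = st->S[j]; st->S[j] = tmp;
    }
    st->i = 0; st->j = 0;              /* both counters start at zero */
}

/* One keystream byte k, following the six software steps in order. */
static uint8_t rc4_next(rc4_state *st) {
    st->i = (uint8_t)(st->i + 1);      /* 1: increment i (mod 256)        */
    uint8_t si = st->S[st->i];         /* 2: load Si ...                  */
    st->j = (uint8_t)(st->j + si);     /*    ... and add it to j (mod 256) */
    uint8_t sj = st->S[st->j];         /* 3: load Sj                      */
    st->S[st->j] = si;                 /* 4: first half of swap           */
    st->S[st->i] = sj;                 /* 5: second half of swap ...      */
    uint8_t t = (uint8_t)(si + sj);    /*    ... and t = Si + Sj (mod 256) */
    return st->S[t];                   /* 6: load St, the key byte k      */
}

/* XOR the keystream into the data; the same call encrypts and decrypts. */
static void rc4_crypt(const uint8_t *key, size_t keylen,
                      const uint8_t *in, uint8_t *out, size_t len) {
    rc4_state st;
    rc4_init(&st, key, keylen);
    for (size_t n = 0; n < len; n++) out[n] = in[n] ^ rc4_next(&st);
}

int main(void) {
    /* Constructed sample input: the widely published "Key"/"Plaintext" pair. */
    const uint8_t key[] = "Key", msg[] = "Plaintext";
    uint8_t ct[9], pt[9];
    rc4_crypt(key, 3, msg, ct, 9);
    rc4_crypt(key, 3, ct, pt, 9);
    for (int n = 0; n < 9; n++) printf("%02X", ct[n]);
    printf("\n%.9s\n", pt);
    return 0;
}
```

Each call to rc4_next performs three dependent loads and two stores on the same 256-byte memory, which is the serial memory traffic that the multiport-memory design described below sets out to overlap.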
Therefore, there is a need to provide a system and method to encrypt/decrypt files efficiently using a fast hardware implementation of the RC4 ciphertext algorithm.
The present invention provides a system and method for encrypting and decrypting files using a fast hardware implementation of the RC4 algorithm to enable secure access to information resources in a computer network. The network system includes a sender computer coupled via a computer network to a receiver computer.
Multiport memory included within both the sender computer and the receiver computer as part of the RC4 logic enable a fast hardware implementation of the respective encryption circuit and decryption circuit. The hardware implementation of the RC4 encryption/decryption algorithm is made faster by reducing the number of cycles needed to perform the encryption/decryption. One of ordinary skill in the art will understand that a reduction in the number of cycles greatly increases efficiency and reduces cost.
From a system point of view, a preferred embodiment of the invention encrypts a message using the RC4 encryption algorithm. The system comprises: a message receiver for receiving a message; a key computation module for computing an encryption key according to the RC4 encryption algorithm, where the key computation module includes at least one multiport memory that allows at least a synchronous read and write; and an XOR module for performing an XOR function of the message and the key to yield an encrypted message.
From a method point of view, a preferred embodiment of the invention encrypts a message using an encryption circuit that includes at least one multiport memory. The method comprises the steps of: (a) incrementing a value "i"; (b) loading a value Si; (c) adding substantially simultaneously with step (b) a value Sj of step (b) to a value "j"; (d) loading a value Sj; (e) adding substantially simultaneously with step (d) the value Sj of step (d) to Si to generate "t" and storing Si into Sj; (f) reading k by loading St; (g) storing substantially simultaneously with step (f) Sj into Si and incrementing the value "i"; and (h) performing an XOR function of the message and k (value St) to encrypt the message.