More on RC4

Read the section on RC4 in this article. Try to mentally follow the steps for encryption with the algorithm. What are some of the strengths and weaknesses of RC4 as noted in this article?

This section gives the detail explanation of cryptographic algorithms developed by Ronald Rivest, one of the inventors of the RSA public key cryptography algorithm and co-founders of RSA security. Ronald developed three Symmetric key

was one of the popular and fastest symmetric key algorithms invented in the year 1987[5,6]. The algorithm uses a variable sized key from 1 to 256 bits is used to initialize a 256-byte state vector S. The same algorithm is used for both encryption and decryption. For encryption and decryption, a byte k is generated from S by selecting one of the 255 entries. As each value of k is generated, the entries in S are once again permuted.The principle of RC4 algorithm is divided into two stages.

  1. Key-Scheduling algorithm (KSA)

  2. Pseudo Random Generation Algorithm (PRGA).

    S [ i ] + S [ j ] mod 256




    0 1 mod 256 i j 254



    Figure 8. An overview of RC4 [5]

        1. Key-Scheduling Algorithm (KSA)

          The main function of the Key-Scheduling Algorithm is to complete initialization of RC4 Key. The algorithm first initializes the S table with the identity permutation. Once the S array is initialized, shuffling of the array is performed using the key to make it a permutation array. For this operation, S array is processed for 256 iterations [5,6]. The pseudo-code for the key scheduling algorithm is given below

          for i from 0 to 255 S [ i ] : = i

          endfor j : = 0

          for i from 0 to 255

          j : = ( j + S [ i ] + key [ i mod key length ] ) mod 256

          swap values of S [ i ] and S [ j ] endfor

          Finally the S array is generated and it is used in the PGRA to generate the key stream.

        2. Pseudo-Random Generation Algorithm (PRGA)

          The PGRA is used to generate the keystream of the size of the message to encrypt and it has the capacity to generate the keystream of any size [5,6]. To Perform the PRGA operation, firstly, assign (or initialize) any two index to 0 and then the generation of keystream starts one byte at a time until it reaches the size of the message. For computing the each new byte the following steps are used.

          • Compute new value of i and j i : = (i + 1) mod 256

            j : = (j + S [ i ] ) mod 256

          • To have a dynamic state swapping process is performed between S [ i ] and S [ j ]

          • Retrieve the next byte of the keystream from the S array at the index

            Keystream Byte

            The pseudo-code for the pseudo-random generation algorithm is given below

            i : = 0 j : = 0

            while Generating Output : i : = (i + 1) mod 256

            j : = (j + S [ i ] ) mod 256

            swap values of S [ i ] and S [ j ]

            K : = S [ (S [ i ] + S [ j ] ) mod 256 ]

            output K


        3. Steps for RC4 Algorithm

          The steps for RC4 encryption algorithm is as follows [5,6]:

          Step 1 : Get the data to be encrypted and the selected key.

          Step 2 : Create two string arrays.

          Step 3 : Initiate one array with numbers from 0 to 255.

          Step 4 : Fill the other array with the selected key.

          Step 5 : Randomize the first array depending on the array of the key.

          Step 6 : Randomize the first array within itself to generate the final key stream.

          Step 7 : XOR the final key stream with the data to be encrypted to give cipher text.

        4. RC4's Success:

          • Random nature of S-Box changes which makes it difficult to locate a value in its table. Through the use of a 256 byte internal key,an S-box RC4 can be in 256!*2562 possible states, which represents quite a large making an attack on its table structure very difficult.

          • Speed: It uses a few simple loops and swapping of bytes making it extremely fast.

          • Simplicity

          • Efficient implementations in both software and hardware

          • Very easy to develop.

        5. RC4s Weakness:

          • Short key length means that the pseudorandom generator will repeat, which permits passive monitoring to gather data that can be statistically analyzed.

          • Weak keys

          • The most important weakness of RC4 comes from the insufficient key schedule; the first bytes of output reveal information about the key. This can be corrected by simply discarding some initial portion of the output stream.

          • This is known as RC4-dropN, where N is multiple of 256, such as 768 or 1024.

      1. Rivest Cipher5 (RC5)

        RC5 is a symmetric block cipher algorithm published in the year 1994 [7, 8]. This algorithm is designed to be suitable for both hardware and software. This algorithm provides block size of RC5 is variable and can be 32, 64, or 128 bits. The key size is also variable and can be between 0 and 2048 bits. Although 12 rounds is the standard number for 64 bit RC5, the number of rounds is also variable and can be between 1 and 255. It is a parameterised algorithm and particularly the RC5 algorithm is designated as RC5- w/r/b and the detail of the parameter are shown in the table 2.

        Table 2 RC5 Parameters



        Allowable Values


        Word Size in bit,

        RC5 encrypt 2-word blocks

        16, 32, 64 , 128


        Number of rounds



        Number of bytes in the secret key K

        0, …… 255

        RC5 algorithm consists of three components, namely, (1) Key Expansion, (2) Encryption Algorithm, and (3) Decryption Algorithm. This algorithm uses the three primitive operations shown in table 3.

        Table 3.

        S. No

        Primitive Operations




        Two's complement addition of words, denoted by "+". This is modulo-2w addition. The inverse operation subtraction of words denoted

        by "-".

        RC5 Primitive Operations




        Bit-wise exclusive-OR of



        Left Circular

        A left-rotation (or "left-spin")


        of words: the rotation of

        word x left by y bits is

        denoted x <<< y. The

        inverse is the right circular

        rotation of word x by y bits is

        denoted by x>>>y.

        1. Key Expansion

          The key expansion routine expands the users secret key K to fill the expanded key array S. The key expansion algorithm uses two magic constants. The key expansion algorithm performs a complex set of operations on the secret key to produce the total subkeys represented as t. Each subkey is one word in length. Two subkeys are used in each round and two subkeys are used on an addtional operation that is not part of any round, so t=2r+2.

          Techniques used to generate Subkeys

          • The subkeys are stored in a t word array labelled S[0],S[1],,S[t+1].

          • The parameters r and w as inputs.

          • Then the b byte key, K[0,,b-1] is converted into a c-word array L[0,,c-1].

          • On a little-endian machine , this is accomplished by zeroing out the array L and copying the string K directly into the memory positions represented by L.

          • If b is not an integer multiple of w, then a portion of L at the right end remains zero.

          • Finally a mixing operation is performed that applies the contents of L to the initialized value of S to produce a final value fro the array S.

        2. Encryption Algorithm

          In the encryption algorithm, RC5 input block consist of two w-bit registers A and B and the output is also placed in the same register. The variables LEi and REi refer the left and right half of the data after round i has completed. The algorithm is follows:

          LE0 = A+S[0]; RE0 = B+S[1];

          for i= 1 to r do

          LEi=((LEi-1 XOR REi-1)<<<REi-1)+S[2*i]; REi=((REi-1 XOR LEi)<<<LEi)+S[2*i+1];

          The cipher text result contains the two variables LEr and REr each of the r rounds consists of a substitution using both words of data. A permutation is computed using both words of data and a substitution that

          depends on the key. One round of RC5 is equivalent to two rounds of DES.

        3. Decryption Algorithm

    The decryption routine can easily derive from the encryption routine of RC5.The encryption algorithm a 2w bits of cipher text as output. Those bits are initially assigned to the two one-word variables LDr and RDr. The variables LDi and RDi refer to the left and right half of the data before round i has begun, where the rounds are numbered from r down to 1.

    for i = r down to 1 do

    RDi-1=((RDi-S[2*i+1]>>>LDi)XORLDi); LDi-1=((LDi-S[2*i]>>>RDi) XOR RDi-);

    B = RD0-S[1];

    A = LD0-S[0];

      1. Rivest Cipher6 (RC6)

        RC6 is a symmetric key block cipher derived from RC5. It was designed in the year 1998 by Ron Rivest in collaboration with his associates from RSA Laboratories [9,10]. RC6 includes many new features, which are not available in RC5. RC6 algorithm has a modified Feistel structure and presented symbolically as RC6-w/r/b and the derails of w/r/b are given in table4.




        represent 32 bits as the size of word


        It denotes number of round for encryption. If the size of block is 128 bits, then r, the number, is 20


        16, 24 and 32 byte key

        Table 4 RC6 Parameters

        • a>>>b rotate the w-bit word a to the right by the amount given by the least significant lg w bits of b

    Key Schedule

    The key schedule of RC6-w/r/b is similar to the key schedule of RC5-w/r/b. The user supplies a key of b bytes. From this key, 2r + 4 words (w bits each) are derived and stored in the array S [0, 2r + 3]. This array is used in both encryption and decryption


    The encryption process in RC6 is relatively simple. RC6 consist of four w-bit registers (A, B, C, D) which is used to store the initial input plain text and the final output cipher text is also stored in the same register. The first byte of plaintext or cipher text is placed in the least significant byte of A; the last byte of plaintext or cipher text is placed into the most significant byte of D. The pseudo-code for the encryption is given below.

    Input : Plain text stored in four w-bit input registers A, B, C, D

    Number of r rounds

    w-bit round keys S[0,,2r + 3] Output : Cipher Text stored in A, B, C, D Procedure : B = B + S[0];

    D = D + S[1];

    for i = 1 to r do


    4.3.1 Structure of the RC6 Algorithm


    t = (B (2B + 1)) log w; u = (D (2D + 1)) log w; A = ((A t) u) + S[2i];

    C = ((C u) t) + S[2i+1]; (A, B, C, D) = (B, C, D, A);

    A = A + S[2r+2]; C = C + S[2r+3];

    RC6 algorithm contains four components they are

    1. Basic Operation, (2) Key Schedule, (3) Encryption and (4) Decryption

      Basic Operation

      For all variants, RC6- w/r/b operates on units of four w-bit words using the following six basic operations. The base-two logarithm of w will be denoted by lg w.

      • a + b integer addition modulo 2w

      • a – b integer subtraction modulo 2w

      • a Ã…b bitwise exclusive-or of w-bit words

      • a X b integer multiplication modulo 2w

      • a<<<b rotate the w-bit word a to the left by the amount given by the least significant lg w bits of b

    Decryption operation performs in a similar way as encryption. The main difference is that the cipher text is given as input and produce output as plain text. The pseudo-code for the decryption is shown below.

    C = C + S[2r+3]; A = A + S[2r+2];

    for i = r downto 1 do


    (A, B, C, D) = (D, A, B, C);

    u = (D (2D + 1)) log w; t = (B (2B + 1)) log w;

    C = ((C – S[2i+1]) t) u;

    A = ((A – S[2i]) u) t;


    D = D – S[1];

    B = B – S[0];

    Table 5.

    Comparisons of RC4, RC5 And RC6 Algorithm





    Symmetric Cipher Type

    Stream Cipher

    Block Cipher

    Block Cipher

    Block Size


    32, 64 or 128 bits

    (64 suggested)




    (12 suggested originally)


    Key Size


    2,048 bits

    0 to 2040 bits

    (128 suggested)

    128, 192,

    or 256 bits


    Ron Rivest

    Ron Rivest

    Ron Rivest, Matt Robshaw, Ray Sidney,

    Yiqun Lisa

    Published Year