사용자 도구

사이트 도구


kb:arcfouralgorithm

Arcfour Algorithm

소스

Algorithm

////////////////////////////////////////////////////////////////////////////////
/// \class cArcfourStream
/// \brief "Arcfour"라는 Stream Cipher 알고리즘 구현.
///
/// K.Kaukonen, R.Thayer 의 RFC 문서에 있는 소스를 대충 래핑했다. 
/// 자세한 내용은 아래의 링크를 참고하기 바란다.
///
/// http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt
////////////////////////////////////////////////////////////////////////////////
 
class cArcfourStream
{
private:
    UINT32  m_X;
    UINT32  m_Y;
    UINT8   m_Sbox[256];
 
 
public:
    cArcfourStream(const UINT8 *key, UINT32 key_len)
    : m_X(0), m_Y(0)
    {
        for (UINT32 counter = 0; counter < 256; counter++) 
            m_Sbox[counter] = static_cast<UINT8>(counter); 
 
        UINT32 keyindex = 0; 
        UINT32 stateindex = 0; 
 
        for (UINT32 counter = 0; counter < 256; counter++) 
        { 
            UINT32 t = m_Sbox[counter]; 
            stateindex = (stateindex + key[keyindex] + t) & 0xFF; 
            UINT32 u = m_Sbox[stateindex]; 
 
            m_Sbox[stateindex] = static_cast<UINT8>(t); 
            m_Sbox[counter] = static_cast<UINT8>(u); 
 
            if (++keyindex >= key_len) keyindex = 0; 
        } 
    }
 
    virtual ~cArcfourStream() {}
 
 
public:
    void XOR(UINT8* buf, UINT32 len)
    {
        for (UINT32 i = 0; i < len; i++)
            buf[i] = buf[i] ^ GetByte();
    }
 
    template <typename T>
    void XOR(T* buf) 
    {
        XOR(reinterpret_cast<UINT8*>(buf), sizeof(T));
    }
 
 
private:
    UINT8 GetByte()
    {
        UINT32 x  = (m_X + 1) & 0xFF; 
        UINT32 sx = m_Sbox[x]; 
        UINT32 y  = (sx + m_Y) & 0xFF; 
        UINT32 sy = m_Sbox[y]; 
 
        m_X = x; 
        m_Y = y; 
        m_Sbox[y] = static_cast<UINT8>(sx); 
        m_Sbox[x] = static_cast<UINT8>(sy); 
 
        return m_Sbox[(sx + sy) & 0xFF]; 
    }
};

Sample Usage

UINT8 mykey[] = { 
    0x29, 0x04, 0x19, 0x72, 0xFB, 0x42, 0xBA, 0x5F,  
    0xC7, 0x12, 0x77, 0x12, 0xF1, 0x38, 0x29, 0xC9 
}; 
 
cArcfourStream encryption(mykey, sizeof(mykey));
cArcfourStream decryption(mykey, sizeof(mykey));
 
UINT8 original[] = "Write Great Code, Volume 2 (2/E) "; 
UINT8 test[]     = "Write Great Code, Volume 2 (2/E) "; 
 
encryption.XOR(test, 33);
decryption.XOR(test, 33);
 
for (int i=0; i<33; ++i)
{
    if (test[i] != original[i])
    {
        Assert(false);
    }
}
 
int a = 9999;
int b = 9999;
 
encryption.XOR(&a);
decryption.XOR(&a);
 
if (a != b)
{
    Assert(false);
}

Security Considerations

원본 드래프트 문서에서 발췌…

This algorithm can be operated with several different key sizes. If the key is 128 bits in length then this algorithm is believed to be secure. If the key length is significantly shorter, specifically 40 bits, then there are known attacts that have been successfully applied. For this algorithm to be operated in a cryptographically sound manner it is believed that a key length of 128 bits or more should be used.

On the other hand, the 40-bit version of this algorithm is specifically regulated by the U.S. Government. This means that deployment of 40-bit implementations may be easier to export than alternative algorithms.

It must be strongly recommended that no two plaintexts are encrypted with the same key. Otherwise the plaintext can usually be broken, and often even quite easily. If the two encrypted messages are XORed together, the result is the XOR of the original plaintexts. Given the encrypted messages are text strings, credit card numbers, or other byte streams with some known properties, the plaintexts can be estimated with great accuracy. See the DAWSON AND NIELSEN for more details.

Initial cryptanalysis results are favorable, but the current literature should be consulted to assess the security of this cipher. A good starting point for a citation search would be GOLIC. For Internet news group posting, start with FINNEY, JENKINS and ROOS.

  • References
    • DAWSON AND NIELSEN
      Dawson E. and Nielsen L.
      Automated Cryptoanalysis of XOR Plaintext Strings, Cryptologia, April 1996, Volume XX, Number 2.
    • FINNEY
      Finney, H.
      Internet message posted to sci.crypt 21 September, 1994.
    • GOLIC
      Golic, J.
      “Linear Statistical Weakness of Alleged RC4 Keystream Generator.”
      In, W. Fumy (ed.), Proceedings of Eurocrypt
    • JENKINS
      Jenkins, B. Internet message posted to sci.crypt 22 September, 1994.
    • ROOS
      Roos, A. Internet message posted to sci.crypt 28 September, 1995.

—-

kb/arcfouralgorithm.txt · 마지막으로 수정됨: 2014/11/06 17:54 (바깥 편집)