----- Original Message -----
From: "Jeremy Lennert" <[EMAIL PROTECTED]>
To: "'Neil Johnson'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>; "'R. A. Hettinga'" <[EMAIL PROTECTED]>
Sent: Friday, February 22, 2002 10:15 PM
Subject: CDR: RE: Jail Cell Cipher (modified RC4)


> I'm not having difficulty with the implementation (the C++ code included in
> my first message, also available at
> http://www.mindflare.com/cipher/jcrc4.cpp , already implements the cipher
> correctly).  I'm inquiring regarding the impact of the changes on the
> security of the cipher.

Unfortunately it has a rather damning effect on the cipher. First, in the key
scheduling there is a distinct possibility of keys that are impossible. It
assumes that all K[i] are generators mod 37, so using a key where the offset
is 0 will result in an infinite loop in the key scheduling; this is
obviously a bad design decision. Second, the distinguisher from random for
such a small RC4 state would require a relatively small known plaintext. In
fact, at that size I think there are better attacks against it than the
distinguishers known for full-sized RC4. I believe it would be achievable to
actually determine that complete state, although it would take more
significant amounts of work than would be applied to most inmate mail (an
encrypted message would probably be simply discarded and never delivered).

I don't think this reduced version of RC4 would be very suitable even
assuming a perfect delivery mechanism. I've actually considered a similar
question before
(http://groups.google.com/groups?hl=en&th=f0d53f0eb5d7c011&seekm=9s2akd%24qk4%241%40nntp9.atl.mindspring.net&frame=off);
I never managed to come up with
anything really suitable. I did find a solution where the inmate is given a
computer and a compiler, use RC5 to key itself (very similar to Blowfish), a
128-bit block, and 20 rounds. Should withstand pretty much any analysis work
(except "throw it in the trash" cryptanalysis). This suffers from being
difficult to calculate with a pencil and paper, and so doesn't really fit
the requirement for a jail cell cipher.

Using full RC4 is actually doable. Take a sheet (or multiple sheets) of
paper, create 3 sets of 0,...,255 numbers. On a large table in front of you
(or in a controlled grid) place the first 0...255 set in order, that's your
state array; the other two sets are for your i and j values. If a guard is
approaching and the data must be destroyed, simply blow very hard and all the
numbers are scrambled. Of course you will probably be adding and subtracting
instead of performing XOR. This is obviously painstaking, and slow, but it
will offer the same security as a computer running the RC4 algorithm.
                       Joe

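The pencil-and-paper procedure in the last paragraph of the message, written out as an added C++ example (not part of the original message and not the jcrc4.cpp code): standard full-size RC4 with the keystream combined by addition mod 256 to encrypt and subtraction mod 256 to decrypt instead of XOR. The names `Rc4` and `add_crypt`, the key "Key" and the sample message are this example's own assumptions.

```cpp
#include <array>
#include <cstdint>
#include <numeric>
#include <stdexcept>
#include <string>
#include <utility>
#include <vector>

// Full-size RC4: the permutation S plus indices i and j (the three sets of
// 0..255 numbers in the message). Names here are this example's own.
struct Rc4 {
    std::array<std::uint8_t, 256> S;
    std::uint8_t i = 0, j = 0;
    // Key scheduling: identity permutation, then 256 key-driven swaps.
    explicit Rc4(const std::string& key) {
        if (key.empty()) throw std::invalid_argument("empty key");
        std::iota(S.begin(), S.end(), 0);
        std::uint8_t k = 0;
        for (int n = 0; n < 256; ++n) {
            std::uint8_t kb = static_cast<std::uint8_t>(key[n % key.size()]);
            k = static_cast<std::uint8_t>(k + S[n] + kb);
            std::swap(S[n], S[k]);
        }
    }
    // Output generation: one keystream byte per step.
    std::uint8_t next() {
        i = static_cast<std::uint8_t>(i + 1);
        j = static_cast<std::uint8_t>(j + S[i]);
        std::swap(S[i], S[j]);
        return S[static_cast<std::uint8_t>(S[i] + S[j])];
    }
};

// Hand-friendly combiner: add the keystream byte mod 256 to encrypt, subtract
// it to decrypt. As with XOR there is no integrity, and reusing a key leaks
// p1 - p2 (mod 256) from c1 - c2.
std::vector<std::uint8_t> add_crypt(const std::string& key, const std::vector<std::uint8_t>& in, bool decrypt) {
    Rc4 rc4(key);
    std::vector<std::uint8_t> out;
    for (std::uint8_t b : in) {
        std::uint8_t k = rc4.next();
        out.push_back(static_cast<std::uint8_t>(decrypt ? b - k : b + k));
    }
    return out;
}

int main() {  // round-trip check on a constructed two-byte message
    std::vector<std::uint8_t> p = {'H', 'I'};
    return add_crypt("Key", add_crypt("Key", p, false), true) == p ? 0 : 1;
}
```

Encrypting an all-zero input returns the raw RC4 keystream, which makes it easy to compare a hand-worked table against published RC4 test vectors.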