Network Working Group                              R. Thayer
          Expire in six months
          Internet Draft                                 February 1997
          
          
                        A Stream Cipher Encryption Algorithm
                            <draft-thayer-cipher-00.txt>
          
          
          Status of this Memo
          
          This document is an Internet-Draft.  Internet-Drafts are working
          documents of the Internet Engineering Task Force (IETF), its
          areas, and its working groups.  Note that other groups may also
          distribute working documents as Internet-Drafts.
          
          Internet-Drafts are draft documents valid for a maximum of six
          months and may be updated, replaced, or obsoleted by other
          documents at any time.  It is inappropriate to use Internet-
          Drafts as reference material or to cite them other than as ``work
          in progress.''
          
          To learn the current status of any Internet-Draft, please check
          the ``1id-abstracts.txt'' listing contained in the Internet-
          Drafts Shadow Directories on ftp.is.co.za (Africa), nic.nordu.net
          (Europe), munnari.oz.au (Pacific Rim), ds.internic.net (US East
          Coast), or ftp.isi.edu (US West Coast).
          
          Abstract
          
          There is a need in the Internet community for an encryption
          algorithm that provides interoperable operation with existing
          deployed commercial cryptographic applications.  This
          interoperability will allow for a smoother transition to
          protocols that have been developed through the IETF standards
          process.  This document describes an existing algorithm that
          satisfies this requirement.
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          Thayer                                              [Page 1]


          Internet Draft    An Encryption Algorithm      February 1997
          
          
          
          
          TABLE OF CONTENTS
          
          
          STATUS OF THIS MEMO
          ABSTRACT
          1. INTRODUCTION
          2. REQUIREMENTS FOR THIS ENCRYPTION ALGORITHM
          3. DESCRIPTION OF ALGORITHM
          4. INTELLECTUAL PROPERTY CONSIDERATIONS
          5. ACKNOWLEDGEMENTS
          6. SECURITY CONSIDERATIONS
          7. REFERENCES
          8. AUTHOR'S ADDRESS
          APPENDIX
          A. TEST VECTORS
          B. SAMPLE CODE
          
          
          
          
          
          
          
          
          1. Introduction
          
          There is a need in the Internet community for an encryption
          algorithm that provides interoperable operation with existing
          deployed commercial cryptographic applications.  This
          interoperability allows for a smoother transition to protocols
          that have been developed through the IETF standards process.
          This document describes an existing algorithm that satisfies
          this requirement.
          
          There is a large body of experience in developing and deploying
          encryption applications, especially in the HTTP/HTML
          browser/server markets.  These browsers typically implement an
          encryption algorithm provided by [RSA].  It would be beneficial
          for the IETF standards processes to produce protocols that can be
          deployed into existing Internet environments.  This would allow
          graceful addition of new (IETF-developed) protocols.  It would
          allow less disruption of existing users, since there would be
          more interoperability between pre-existing protocols and
          IETF-based protocols.
          
          2. Requirements for this Encryption Algorithm
          
          The algorithm described here has been chosen because it is
          compatible with one of the most popular encryption algorithms in
          the browser market.  It is potentially useful in several
          environments, including TLS [TLS] and IPSEC [IPSEC].  There are
          existing Internet Drafts that describe how it can be applied; see
          [TLS] and [Caronni].
          
          The algorithm can be used with a variety of key lengths.  It
          specifically can be operated with 40-bit keys and with 128-bit
          keys.  See the Security Considerations section for comments on
          use of 40-bit keys.
          
          Compatibility of the algorithm with commercial algorithms is
          determined by comparing the encrypted data that is produced by
          the test vectors listed in the appendix to this document.
          
          
          
          
          
          
          
          
          3. Description of Algorithm
          
          The algorithm itself is documented in [SCHNEIER], pages 397-398,
          in the chapter entitled "Other Stream Ciphers and Real Random-
          Sequence Generators".
          
          1. Allocate an array of 256 8-bit counters (an 8 by 8 S-box) and
             label it S [0] .. S [255].
          
          2. Initialize the S-box.  Fill each entry first with its index:
          
             S [0] = 0; S [1] = 1; etc. up to S [255] = 255;
          
          3. Fill another array of the same size (256) with the key,
             repeating bytes as necessary.
          
             S2 [0] = key [0]; S2 [1] = key [1]; ...
          
          4. Initialize the S-box from its preloaded value and the key.
             Set j to zero and perform this:
          
             for (i=0; i<256; i=i+1)
             {
               j = (j + S [i] + S2 [i]) % 256;
               temp = S [i];
               S [i] = S [j];
               S [j] = temp;
             }
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          5. For either encryption or decryption, the input text is
             processed one byte at a time.  Before the first byte,
             initialize i to zero and initialize j to zero.  For each
             byte, a 'random' byte K is generated:
          
              i = (i+1) % 256;
              j = (j + S[i]) % 256;
              temp = S [i];
              S [i] = S [j];
              S [j] = temp;
              t = (S [i] + S [j]) % 256;
              K = S [t];
          
          To encrypt, XOR the value K with the next byte of the plaintext.
          To decrypt, XOR the value K with the next byte of the ciphertext.
          
          4. Intellectual Property Considerations
          
          This document does not address Intellectual Property issues.  No
          claim is made as to who owns this algorithm.
          
          5. Acknowledgements
          
          This work was based on conversations with several colleagues
          within the IETF.
          
          6. Security Considerations
          
          This algorithm can be operated with several different key sizes.
          If the key is 128 bits in length then this algorithm is believed
          to be robust.  If the key length is significantly shorter,
          specifically 40 bits, then there are known attacks that have been
          successfully applied.  For this algorithm to be operated in a
          cryptographically sound manner it is believed that a key length
          of 128 bits should be used.
          
          On the other hand, the 40-bit version of this algorithm is
          specifically regulated by the U.S. Government.  This means that
          40-bit implementations may be easier to export than
          alternative algorithms.  The experience that can be gained by
          developing a full implementation and deploying it may provide
          sufficient benefit that 40-bit "weak" encryption is appropriate.
          There are examples in the commercial environment where this logic
          has been successfully applied.
          
          
          
          7. References
          
          [Caronni] Caronni, G., Waldvogel, M.  "The ESP Stream Transform",
          ftp://ds.internic.net/internet-drafts/draft-caronni-esp-stream-01.txt,
          September, 1996.
          
          [COMMERCE] Test vectors issued by United States Department of
          Commerce, Bureau of Export Administration, Office of Strategic
          Trade and Foreign Policy, Strategic Trade Controls Division.
          
          [CRYPTLIB] Gutmann, P, Young, E., Plumb, C.  "Cryptlib, A
          Portable Encryption Library", Version 2.00.
          http://www.cs.auckland.ac.nz/~pgut001/cryptlib.html, 1996.
          
          [IPSEC] Atkinson, R, "Security Architecture for the Internet
          Protocol", ftp://ds.internic.net/rfc/rfc1825.txt, August 1995.
          
          [RSA] RSA Data Security, Inc., http://www.rsa.com, Address: RSA
          Data Security, Inc.  100 Marine Parkway, Suite 500, Redwood City,
          CA 94065-1031.
          
          [SCHNEIER] Schneier, B. "Applied Cryptography", Second Edition,
          http://www.counterpane.com.  Published by John Wiley & Sons, Inc.
          ISBN 0-471-11709-9, 1996.
          
          [TLS] Freier, A., Karlton, P., Kocher, P., Dierks, T., "The TLS
          Protocol",
          ftp://ds.internic.net/internet-drafts/draft-ietf-tls-protocol-00.txt,
          December, 1996.
          
          8. Author's Address
          
          Rodney Thayer
          Sable Technology Corporation
          246 Walnut Street
          Newton Massachusetts 02160
          rodney@sabletech.com
          +1 617 332 7292
          Fax +1 617 332 7970
          
          
          
          
          
          
          
          
          Appendix
          
          A. Test Vectors
          
          1. Test Vectors from [CRYPTLIB]:
               Plain Text:
                    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
               Key:
                    0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
          
               Cipher Text:
                    0x74, 0x94, 0xC2, 0xE7, 0x10, 0x4B, 0x08, 0x79
          
          2. Test Vectors from [COMMERCE]:
               Plain Text:
                    0xdc, 0xee, 0x4c, 0xf9, 0x2c
               Key:
                    0x61, 0x8a, 0x63, 0xd2, 0xfb
               Cipher Text:
                    0xf1, 0x38, 0x29, 0xc9, 0xde
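
Added example (not part of the original draft, and not the Appendix B sample code): a C implementation of steps 1 to 5 from section 3, checked against both Appendix A test vectors. The names stream_crypt, check_vector, K1/P1/C1 and K2/P2/C2 are assumptions made for this example; key [i % keylen] stands in for the array S2.

```c
#include <stdio.h>
#include <string.h>

/* Steps 1-5 in one call: key setup, then XOR len bytes with the keystream.
 * The caller must pass keylen >= 1. The same call encrypts and decrypts. */
static void stream_crypt(const unsigned char *key, size_t keylen,
                         const unsigned char *in, unsigned char *out, size_t len)
{
    unsigned char S[256], temp;
    unsigned int i, j = 0;
    for (i = 0; i < 256; i++) S[i] = (unsigned char)i;     /* steps 1-2 */
    for (i = 0; i < 256; i++) {                             /* steps 3-4 */
        j = (j + S[i] + key[i % keylen]) % 256;             /* key[i % keylen] is S2[i] */
        temp = S[i]; S[i] = S[j]; S[j] = temp;
    }
    i = j = 0;                                              /* once, before the first byte */
    for (size_t n = 0; n < len; n++) {                      /* step 5 */
        i = (i + 1) % 256;
        j = (j + S[i]) % 256;
        temp = S[i]; S[i] = S[j]; S[j] = temp;
        out[n] = (unsigned char)(in[n] ^ S[(S[i] + S[j]) % 256]);  /* K = S[t] */
    }
}

/* Returns 1 if pt encrypts to expect under key and the result decrypts back to pt. */
static int check_vector(const unsigned char *key, size_t keylen,
                        const unsigned char *pt, const unsigned char *expect, size_t len)
{
    unsigned char ct[64], back[64];
    if (keylen == 0 || len > sizeof ct) return 0;
    stream_crypt(key, keylen, pt, ct, len);
    stream_crypt(key, keylen, ct, back, len);
    return memcmp(ct, expect, len) == 0 && memcmp(back, pt, len) == 0;
}

/* Appendix A vectors: 1 is from [CRYPTLIB], 2 is from [COMMERCE] (40-bit key). */
static const unsigned char K1[] = {0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF}, P1[8] = {0},
                           C1[] = {0x74,0x94,0xC2,0xE7,0x10,0x4B,0x08,0x79};
static const unsigned char K2[] = {0x61,0x8a,0x63,0xd2,0xfb}, P2[] = {0xdc,0xee,0x4c,0xf9,0x2c},
                           C2[] = {0xf1,0x38,0x29,0xc9,0xde};

int main(void)
{
    int ok1 = check_vector(K1, sizeof K1, P1, C1, sizeof C1);
    int ok2 = check_vector(K2, sizeof K2, P2, C2, sizeof C2);
    printf("[CRYPTLIB] %s, [COMMERCE] %s\n", ok1 ? "match" : "MISMATCH", ok2 ? "match" : "MISMATCH");
    return !(ok1 && ok2);
}
```

An implementation that does not reproduce both cipher texts is not interoperable in the sense of section 2.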
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          B. Sample Code
          
          [Ed. note: In the style of other IETF documents, a sample program
          could be included here.  However this has been removed in order
          to comply with export controls.  The source code text of Appendix
          B is available separately, if an appropriate repository, such as
          that at MIT, could be found.]
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          
          