← Back

RC4 (mini)


RC4 or Rivest Cipher 4, also known as ARC4 or ARCFOUR, is a stream cipher designed by Ron Rivest in 1987. (RC is also understood as 'Ron's Code').

It is remarkable for its simplicity (algorithm is also few lines of code only) and speed. Although, multiple vulnerabilities have also been discovered in its improper use (An infamous example of Problematic use of RC4 is the protocol WEP used in Wireless Networks).

It works upon the stream of bits and encrypt each bit one by one, using an 'almost-random' 'keystream' (which is generated after each bit using some algorithm).

The RC4 cipher consists of two parts: 1. The Key Scheduling Algorithm (KSA), and 2. The Pseudo Random (Byte) Generation Algorithm (PRGA).

The KSA takes a neatly arranged array (say, 'S'-array) of 256 elements (bytes containing values 0, 1, 2, ..., 255 in this order), and then uses a variable length secret 'key' to turn the array into a pseudo-random order. Once the KSA has finished, the array is supposed to "look" randomly arranged.

After the KSA, the PRGA part starts and this part outputs one byte at a time. Each PRGA step further perturbs the array a little while outputting one byte.

To decrypt the bits back, the same process is repeated again.

Remember, the 'vulnerabilities' we were talking about in the beginning of this post. This is it - "The crucial theme underlying most of the weaknesses of RC4 is that the initial few output bytes of RC4 are highly correlated to the secret key." and thus, can give the hacker an idea of the secret key just after finding out patterns in the ciphertext (especially the 'initial few output bytes'). Terrible, isn't it.
The solution to above problem is to discard the beginning of output keystream.

note: Some of the explanation above is from Somitra Sanadhya's answer on "What is an intuitive explanation of the RC4..." on Quora.com.


The 'Tool' given in the other tab can be used to encrypt any string using the minified version of RC4 which uses 16 bytes (instead of 256 bytes). Intermediate Steps involved in the algorithm are also shown in the 'Tool', and may improve your 'practical' understanding.


Next, we implement the full version of RC4, i.e. the one which works on 256 byte 'keystream'; and also explain the algorithm.
Bye till then.

Post-16 Ended.


Intermediate Steps

No result to show.