IOSR Journal of Computer Engineering (IOSR-JCE)

e-ISSN: 2278-0661,p-ISSN: 2278-8727, Volume 18, Issue 6, Ver. IV (Nov.-Dec. 2016), PP 67-73
www.iosrjournals.org

An Overview of the RC4 Algorithm

Isnar Sumartono1, Andysah Putera Utama Siahaan2, Nova Mayasari3
Faculty of Computer Science
Universitas Pembangunan Panca Budi
Jl. Jend. Gatot Subroto Km. 4,5 Sei Sikambing, 20122, Medan, Sumatera Utara, Indonesia

Abstract: File security is critical in maintaining the confidentiality of the information, especially sensitive
information that should only be known by authorized persons only. If the data is not kept secret, the information
obtained may lead to undesirable events and misused by parties who are not responsible.The best way is used
for file security is cryptography. One of the algorithms used is RC4. In the process of this algorithm, the key
generated by forming the S-Box. The results of the S-Box then is carried out by XOR process with the existing
plain character. This study discusses how to perform encryption and decryption process uses the RC4 algorithm
to each of the ASCII file.
Keywords: File Protection, RC4, Cryptography

I. Introduction
Security issues are one of the most important aspects of an information system. Data or information
will not be useful again if unauthorized persons have stolen the data or information. The security level should be
further enhanced. The file is an important data which contains information to be exchanged [1]. The file must
have a good security protection system to be in the delivery of the archive is not leaking. Given the widespread
use of information technology in all aspects such as education, government, industry, and others, then the
security of the data needs to be considered properly. The system used to secure the data is cryptography. Many
cryptographic techniques can be applied to the information will be protected; one of which is RC4.
Cryptographic algorithms continue to evolve as the discovery of weaknesses in each of these methods.
The cryptographic algorithm consists of modern and classic [2][3]. In modern algorithms, the key used was
twofold symmetrical and asymmetrical. The symmetric key is the key used for encryption and decryption using
the same key while the asymmetric uses two different keys in the encryption and decryption process. In this
method may be applied method of stream ciphers and block ciphers.
The RC4 algorithm uses the symmetric key-shaped stream cipher [4]. This algorithm is excellent and
quick to use on a long plaintext. If the formation of S-Box has been completed, the value of the S-Box can be
directly substituted with the data in plaintext. The result of the substitution of a ciphertext.

II. Theories
A. Rivest Cipher 4 (RC4)
RC4 is a stream cipher type. It processes unit or input data at one time. Unit or data is a byte or even
sometimes bits [4][5]. In this way, the encryption or decryption can be implemented on the length of the
variable. This algorithm does not have to wait a certain amount of data input before it is processed or add extra
bytes to encrypt. The example is RC4 as shown in Figure 1. Another type is a block cipher that processes at the
same time a certain amount of data (typically a 64-bit or 128-bit blocks) For example, Blowfish, DES, Gost,
Idea, RC5, Safer, Square, Twofish, RC6, Loki97, etc.

DOI: 10.9790/0661-1806046773 www.iosrjournals.org 67 | Page

 An Overview of the RC4 Algorithm

Fig. 1 RC4 Algorithm

RC4 is a proprietary symmetric encryption stream created by RSA Data Security, Inc. The distribution
is initiated from a source code that is believed to be as RC4 and published anonymously in 1994 [6]. The
published algorithm is very synonymous with the implementation of the RC4 on the official product. RC4 is
widely used in multiple applications and is commonly expressed very safe.
RC4 key generation is divided into several stages. Figure 2describes the stages of the RC4.S-Box
initialization is to arrange the password occupied to be the byte array. Meanwhile, the permutation is to do the
new byte array to as long as the plaintext available. The new key will be encrypted to the plaintext. It generates
the ciphertext.

Fig. 2 RC4 Stages

In RC4 cryptography, this algorithm has an S-Box, S [0], S [1], ..., S [255], which contains a permutation of the
numbers 0 to 255 where the permutation is a function key K, with an effective length.Figure 3describes the
generation of the S-Box.

DOI: 10.9790/0661-1806046773 www.iosrjournals.org 68 | Page

 An Overview of the RC4 Algorithm

Fig. 3S-Box Generator

The composition of the S-Box on the same RC4 may occur. This arrangement resulted in algorithms are
vulnerable. It occurs because the value of the same pseudorandom often raised repeatedly, this occurs because
the user key is repeated to fill 256 bytes array [7]. Although this method allows the use of variable length can
reach 256 bytes, there no one use such length. If the user occupies eight bytes key length, it will be repeated 16
times to fill the byte array.
RC4 encryption is the XOR process between data bytes and pseudorandom byte stream generated from
the key [7]; then the attacker will be possible to determine some of the original messages by performing byte
XOR process on the two sets of cipher bytes when some unknown plaintext byte.
For example, "A" successfully intercepted two different message encrypted using a stream cipher
algorithm using the same key. "A" performs XOR to the ciphertext process is successfully taken to eliminate the
influence of key series. If the "A" managed to find out the plaintext of one of the encrypted message is then "A"
will easily get another message plaintext without knowing the key.

Fig. 4Encryption Process

The RC4 algorithm has two phases, key generation, and encryption. Key generation is the first step and
the most difficult in this algorithm. The encryption key is used to generate a variable encryption that uses two
arrays, state and keys, and the results of merging operations. This merger operation consists of swapping,
modulo, and other formulas. Modulo operation is the process that produces the residual value of the shares. For
example, 11 divided by 4 is 2 with the rest of division is 3, if 7 modulo 4, it will produce 3. The variable
emerges from the encryption key generation process will be conducted XOR with the plaintext to produce
encrypted text.

i := 0
j := 0
while GeneratingOutput:
i := (i + 1) mod 256
j := (j + S[i]) mod 256
swap values of S[i] and S[j]
K := S[(S[i] + S[j]) mod 256]
output K
endwhile

DOI: 10.9790/0661-1806046773 www.iosrjournals.org 69 | Page

 An Overview of the RC4 Algorithm

XOR is a logical operation that compares two binary bits. If the difference is worth, it will produce a
value of 1. If both bits equal then, the result is 0. Then the recipient will decrypt the message by clicking XOR
of return with the same key that generated the message from plain text. Figure 4 describes the encryption
process.

III. Methodology
RC4 generate the pseudorandom key stream. Just as a stream cipher, it can be used for encryption by
combining the plaintext using XOR while decryption is done in the same way as well. This process is similar to
the Vernam cipher except that bit pseudorandom generated.To generate the keystream, the cipher using a secret
internal state which consists of two parts:
1. A permutation of all 256 byte ASCII.
2. Two eight-bits-pointer indexes, "i" and "j".
A permutation is initialized with a variable length key, typically between 40 and 256 bits, using the
key-scheduling algorithm. Furthermore, the bit stream generated using pseudo-random generation algorithm
(PRGA). More specifically, RC4 operates with the following steps:

Perform initialization of S
How it works sbox initialization RC4 algorithm that first, S [0], S [1], ..., S [255], with the numbers 0
to 255. First, the variable S will be filled with numbers from 0 to 255 in sequence S [0 ] = 0, S [1] = 1, ..., S
[255] = 255. Then initialize another array, e.g., array K with a length of 256. The contents of the array K with a
key that is repeated until the entire array K [0], K [1], ..., K [255] filled. S-Box initialization process is written as
follows:

Keystream
Keystream value search is done by exchanging again between elements S, but one value S stored in the K which
is then used as a key stream. More details can be seen in the following pseudocode.

for i from 0 to 255

S[i] := i
endfor
j := 0
for i from 0 to 255
j := (j + S[i] + key[i
mod keylength]) mod 256
swap values of S[i] and
S[j]
endfor

IV. Result and Discussion

This section describes the usage of the RC4 algorithm. Assume the key is “THIS IS THE GOOD KEY”. Table
1 shows the byte and index of the key provided.

Table1 Key
1 2 3 4 5 6 7 8 9 10
84 72 73 32 32 73 83 32 84 72
T H I S I S T H
11 12 13 14 15 16 17 18 19 20
69 32 71 79 79 68 32 75 69 89
E G O O D K E Y

From the key generated above, the S-Box values can be determined by using the previous formula. Table 2
shows the S-Box value of the earlier key.

DOI: 10.9790/0661-1806046773 www.iosrjournals.org 70 | Page

 An Overview of the RC4 Algorithm

Table2S-Box values
S-BOX GENERATOR
95 157 19 213 92 176 9 22
140 236 30 82 11 62 207 179
239 63 50 232 106 199 38 225
200 42 151 210 66 118 25 206
33 100 152 125 39 172 48 149
6 15 183 53 129 247 136 216
24 153 208 171 224 156 57 80
178 137 181 31 133 211 111 169
35 201 79 56 26 131 89 68
28 217 186 209 103 196 168 191
69 112 164 139 240 21 194 114
55 20 76 142 159 124 174 231
205 173 78 113 158 37 233 128
188 195 60 175 192 189 107 138
190 245 250 96 23 12 4 237
146 154 243 36 184 248 244 147
230 1 116 215 141 228 185 61
204 160 46 177 91 241 166 70
162 5 64 212 41 122 83 235
202 67 49 145 90 219 34 234
87 7 119 81 29 75 97 0
3 246 8 249 167 44 32 14
135 163 182 58 155 85 123 99
17 197 27 229 226 252 214 101
221 134 117 148 47 180 193 255
242 45 161 86 2 254 73 115
150 251 104 143 54 40 16 43
10 71 13 109 88 105 222 110
130 144 108 59 198 51 102 84
170 187 98 253 218 165 121 132
220 77 238 65 72 18 94 52
203 126 223 93 127 74 120 227

The key is ready to be used for now. For example, the plaintext is “NO ONE CAN SAVE FROM DEATH”.

A. Encryption:
For example, draw the first character of the plaintext. The char is “N”. The convert it to byte number; it results
78 in decimal format.
Set the first value of i and j to zero (i = 0, j = 0) as well. Finally, perform the calculation to generate the “K”
value.
i = (i + 1) mod 256
=1
j = (j + S[i]) mod 256
= 0 + 157
= 157

S[i] = S[1] = 157

S[j] = S[157] = 219 then swap
S[i] = S[1] = 219
S[j] = S[157] = 157

t = (S[i] + S[j]) mod 256

= (219 + 157) mod 256
= 120

K = S[t]
= S[120]
= 146

The “K” value has been determined. It will be used to convert the plaintext to ciphertext using XOR operation.
The following value is the ciphertext byte of the first plaintext character.

DOI: 10.9790/0661-1806046773 www.iosrjournals.org 71 | Page

 An Overview of the RC4 Algorithm

CT = CT ⊕ K
= 78⊕146
= 220

Table 3Encryption result

ENCRYPTION PROCESS
NO PT K CT
1 N 78 146 220 Ü
2 O 79 49 126 ~
3 32 197 229 å
4 O 79 218 149 •
5 N 78 85 27
6 E 69 181 240 ð
7 32 15 47 /
8 C 67 63 124 |
9 A 65 238 175 ¯
10 N 78 237 163 £
11 32 66 98 b
12 S 83 159 204 Ì
13 A 65 9 72 H
14 V 86 51 101 e
15 E 69 39 98 b
16 32 212 244 ô
17 F 70 132 194 Â
18 R 82 193 147 “
19 O 79 62 113 q
20 M 77 153 212 Ô
21 32 74 106 j
22 D 68 245 177 ±
23 E 69 9 76 L
24 A 65 190 255 ÿ
25 T 84 226 182 ¶
26 H 72 133 205 Í

Table 3 shows the complete result of the ciphertext. The ciphertext generated is
“Ü~å•ð/|¯£bÌHebô“qÔj±Lÿ¶Í”.

B. Decryption:
From the ciphertext “Ü~å•ð/|¯£bÌHebô“qÔj±Lÿ¶Í”, the first character is “Ü”. The convert it to byte number;
it results 220 in decimal format.

Set the first value of i and j to zero (i = 0, j = 0). Finally, do the similar calculation to previous calculation to
generate the “K” value.

i = (i + 1) mod 256
=1
j = (j + S[i]) mod 256
= 0 + 157
= 157

S[i] = S[1] = 157

S[j] = S[157] = 219 then swap
S[i] = S[1] = 219
S[j] = S[157] = 157

t = (S[i] + S[j]) mod 256

= (219 + 157) mod 256
= 120

K = S[t]
= S[120]
= 146

DOI: 10.9790/0661-1806046773 www.iosrjournals.org 72 | Page

 An Overview of the RC4 Algorithm

The “K” value has been determined. It will be used to convert the ciphertext back to plaintext using XOR
operation as well. The following value is the plaintext byte of the first ciphertext character.

PT = CT ⊕ K
= 220 ⊕ 146
= 78
Table 4 Decryption result
DECRYPTION PROCESS
NO CT K PT
1 Ü 220 146 78 N
2 ~ 126 49 79 O
3 å 229 197 32
4 • 149 218 79 O
5 27 85 78 N
6 ð 240 181 69 E
7 / 47 15 32
8 | 124 63 67 C
9 ¯ 175 238 65 A
10 £ 163 237 78 N
11 b 98 66 32
12 Ì 204 159 83 S
13 H 72 9 65 A
14 e 101 51 86 V
15 b 98 39 69 E
16 ô 244 212 32
17 Â 194 132 70 F
18 “ 147 193 82 R
19 q 113 62 79 O
20 Ô 212 153 77 M
21 j 106 74 32
22 ± 177 245 68 D
23 L 76 9 69 E
24 ÿ 255 190 65 A
25 ¶ 182 226 84 T
26 Í 205 133 72 H

Table 4 shows the complete result of the plaintext. The plaintext is “NO ONE CAN SAVE FROM DEATH”.

V. Conclusion
One of the weaknesses of RC4 is the high possibility of similar S-Box table; this occurs because the
user key is repeated to fill 256 bytes. To overcome this can use a hash function to verify the authenticity of the
ciphertext and key. Another shortcoming is that RC4 encryption is the XOR between the data bytes and the
pseudo-random byte stream generated from the key, then the attacker will be possible to determine some of the
original message byte XOR with two sets of cipher bytes when some of the input messages known.

VI. Future Scope

To overcome the disadvantages of this method, can use the initialization vector that is different for each
data, so for the same file will produce a different ciphertext. It is not the secret values since it is used only so
that every encryption process will generate a different ciphertext. To further enhance the security of this method,
it can also be developed a better initialization key. The use of 256-byte key will allow an intruder to perform
repeated permutations. Key modification is necessary to strengthen the security level RC4 algorithm.

References
[1]. T. D. B. Weerasinghe, “Analysis of a Modified RC4 Algorithm,” International Journal of Computer Applications, vol. 51, no. 22,
2012.
[2]. L. Stošić dan M. Bogdanović, “RC4 Stream Cipher and Possible Attacks on WEP,” International Journal of Advanced Computer
Science and Applications, pp. 110-114, 2012.
[3]. P. Jindal dan B. Singh, “A Survey on RC4 Stream Cipher,” I. J. Computer Network and Information Security, pp. 37-45, 2015.
[4]. A. P. U. Siahaan, “RC4 Technique in Visual Cryptography RGB Image Encryption,” International Journal of Computer Science and
Engineering, vol. 3, no. 7, pp. 1-6, 26 04 2016.
[5]. A. P. U. Siahaan, “Blum Blum Shub in Generating Key in RC4,” International Journal of Science & Technoledge, vol. 4, no. 10, pp.
1-5, 2016.
[6]. L. M. Nannaka, H. Singarapu dan R. Puli, “Remodelling RC4 Algorithm for Secure Communication for WEP/WLAN Protocol,”
Global Journal of Researches in Engineering, Electrical and Electronics Engineering, vol. 12, no. 5, pp. 37-39, 2012.
[7]. N. Sinha, M. Chawda dan K. Bhamidipati, “Enhancing Security of Improved RC4 Stream Cipher by Converting into Product
Cipher,” International Journal of Computer Applications, vol. 94, no. 18, pp. 17-21, 2014.

DOI: 10.9790/0661-1806046773 www.iosrjournals.org 73 | Page