Cryptosmith

A reader asked for more details on the RC4 and block cipher mode functions I wrote in Matlab.

To recap, I needed a ‘block cipher’ to produce a complete example of how a straight block cipher fails to hide large patterns in the output, and how an appropriate block cipher mode yields something akin to white noise.

Wikipedia has a “penguin” example with a block encrypted version (penguin still visible) and a block of white noise. The white noise represents what the block mode output is supposed to look like as opposed to being the genuine output of a block cipher mode. So I built this ‘real’ example, more or less.

I didn’t have a block cipher that worked with small blocks. But I knew it wasn’t hard to implement RC4. So I created a function to map 8 bytes of data into 8 bytes of ‘ciphertext’ to simulate the block cipher.

The RC4 algorithm I use is somehow flawed – it doesn’t create the same key schedule you get from the same key run through the sample RC4 posted in Wikipedia.

Here are my Matlab functions. I added “.txt” as a suffix since otherwise WordPress wouldn’t let me post them. And WordPress removed the dot between the .m and the file name, so the file “cim.m” became “cimm.txt”

There are 3 sets of functions: a set to do codebook encryption, a set to do a crypto mode (cipher block chaining), and a set of functions used by both. Both codebook and mode encryption takes a 128 x 128 x 3 matrix of 8-bit color values derived from a 3-color JPEG image.

First, here are the functions to do ‘codebook’ encryption:

• cim.m – takes the image and returns the encrypted matrix
• rc4set.m – takes 8 byte vector of plaintext and simulates block encryption using RC4, returning 8 encrypted bytes.

And here are the functions to do “CBC” encryption:

• cmode.m – takes an image and returns the encrypted matrix
• rc4cbc.m – takes 8 byte vector of plaintext, and 8 byte vector of ciphertext from the previous encryption, applies CBC, and returns 8 bytes of ciphertext
• set8.m – utility function takes an 8 byte vector and assigns the contents to 8 result values. Seems like an inelegant way to do it, but it works.

Those functions call these functions, most of which I posted earlier . However, I accidentally omitted rc4make.

• rc4make.m – takes an integer value for the “output count” and a byte vector for the “key” and runs RC4, generating the number of bytes of keystream specified by “output count.”
• rc4key.m – KNOWN INCORRECT – takes a byte vector as a key and generates the 256-byte RC4 key schedule. There seems to be a flaw – it does NOT generate the same key schedule as the sample RC4 code posted on Wikipedia. But it serves effectively as a key schedule.
• rc4out.m – takes RC4 input state variables i and j, and the key schedule, and generates a byte of key stream, plus updated values of i, j, and the key schedule.

If you want more details about how and why the rc4key schedule function is broken, look at my earlier post.

The earlier post also talked about getting a bad result from the CBC mode. As I explained back there, I chalk it up to using an 8-byte key with RC4. I use effectively a 16-byte key in the functions above. Essentially you have to change rc4cbc to omit the kf vector, and just use the xo result directly as the key.

I should probably redo the whole thing with AES since there is a Matlab AES implementation out there. However, the result won’t be significantly different.

Posted under Security & Tech Teaching | No Comments »