RC4 & Pseudorandom Number Generator

Explore the RC4 stream cipher and understand how Pseudorandom Number Generators work. RC4 uses PRNG to generate a keystream that XORs with plaintext.

Input

Key Length: 6 characters

Cleaned: HELLO

RC4 Components
1. S-box: 256-element state array [0-255]
2. KSA: Key Scheduling Algorithm - initializes S-box
3. PRGA: Pseudorandom Generation Algorithm - creates keystream
4. XOR: Combines plaintext with keystream
RC4 Stream Cipher Overview

What is RC4?

RC4 (Rivest Cipher 4) is a stream cipher that generates a pseudorandom keystream from a secret key. The keystream is XORed with plaintext to produce ciphertext. It's simple, fast, but now considered weak for many applications.

How It Works

Step 1
Key Scheduling (KSA): Processes the secret key to initialize a 256-element state array (S-box) through permutations.
Step 2
Pseudorandom Generation (PRGA): Uses the initialized S-box to generate a pseudorandom byte stream called the keystream.
Step 3
Encryption: XOR each plaintext byte with the corresponding keystream byte to produce ciphertext.

Pseudorandom Number Generator (PRNG)

A PRNG generates a sequence of numbers that appear random but are deterministic - given the same seed (key), it always produces the same sequence. RC4's PRGA is the PRNG that generates keystream bytes using the initialized S-box and two counters (i, j).

Encryption Result

Plaintext

HELLO

Ciphertext

ERGZM

Key Concepts & Security

Stream Cipher vs Block Cipher

RC4 is a stream cipher - it encrypts one byte at a time with a unique keystream byte. Block ciphers encrypt fixed-size blocks. Stream ciphers are faster but have different security properties.

Pseudorandom Properties

The keystream appears random but is deterministic - the same key always produces the same keystream. This determinism is essential for decryption (C XOR Keystream = P).

Why RC4 is Weak

RC4 has biases in its keystream output, especially in early bytes. The first 256 bytes should be discarded. The entire first 256 bytes should be skipped in modern implementations. Modern alternatives: AES, ChaCha20.

Applications

Historically used in SSL/TLS, WEP, WPA. Now deprecated in most standards due to security weaknesses. Useful for understanding stream ciphers and PRNG concepts in cryptography education.

Note: This implementation is for educational purposes only. Never use RC4 for real-world security. The demonstration omits the recommended practice of discarding the first 256 bytes of keystream output.