1. VMPC Stream Cipher
The VMPC Stream Cipher is a proposed extension of the VMPC one-way function
into an encryption algorithm. It was published at the
Fast Software Encryption (FSE) conference in 2004.
VMPC Stream Cipher can be regarded as a more secure alternative to the popular
RC4 algorithm designed by Ron Rivest.
Compared to RC4, the VMPC Stream Cipher
offers a higher security level (of both the cipher itself and of the Key Scheduling Algorithm),
higher statistical quality of the generated keystream,
a similar level of implementation simplicity and only slightly lower efficiency.
VMPC Stream Cipher offers authenticated encryption mode with 160-bit
MAC (Message Authentication Code) tags. For more details please refer to the
VMPC-MAC specification.
The cipher generates a stream of 8-bit values from an internal state comprising
a 256-byte permutation and two 8-bit integer variables. The generated
values should be xored with the plaintext to derive the ciphertext.
The initial value of the cipher's internal state is determined
by the VMPC Key Scheduling Algorithm described in section 2.
The number of possible values of the cipher's internal state is 256! * 256^2 ≈ 2^1700.
VMPC Stream Cipher internal state:
  P    : 256-byte table storing a permutation of integers {0,1,...,255}
  n, s : 8-bit integer variables
  L    : length of message in bytes
  +    : denotes addition modulo 256

Table 1. VMPC Stream Cipher algorithm
  repeat steps 1-4 L times:
    1. s = P[ s + P[n] ]
    2. output = P[ P[P[s]] + 1 ]
    3. swap P[n] with P[s]
    4. n = n + 1
2. VMPC Key Scheduling Algorithm
The VMPC Key Scheduling Algorithm transforms a cryptographic
key and an Initialization Vector into the cipher's internal state.
The VMPC-KSA algorithm comes in two variants:
- Basic VMPC-KSA as published at the FSE 2004 conference
- Later developed VMPC-KSA3 (about 1/3 slower but offering an additional layer of security)
Table 2 presents both the basic VMPC-KSA algorithm and the VMPC-KSA3.
The only difference between them is one additional mixing round in the VMPC-KSA3 (step 3 in Table 2).
Other than that the algorithms are identical.
The VMPC-KSA3 variant was developed in further research after the FSE 2004 conference.
See the security analysis of the VMPC-KSA3 algorithm.
Both algorithms (Basic VMPC-KSA and VMPC-KSA3) are recommended for use.
The development of VMPC-KSA3 was not implied by any weaknesses of the
basic VMPC-KSA algorithm. Instead VMPC-KSA3
was developed to provide an additional layer of security
to reduce (to some extent) the security loss in the event of a hypothetical successful internal-state-recovery attack.
This comes at the cost of about 1/3 lower efficiency of the KSA
resulting from re-inputting the secret key to the KSA (step 3). Other than that
the algorithms are the same (the round functions of VMPC-KSA and VMPC-KSA3 are identical).
The choice between VMPC-KSA and VMPC-KSA3 is an individual decision.
Whenever the lower efficiency of VMPC-KSA3 is acceptable, VMPC-KSA3 is a better choice.
At the same time the more efficiency-demanding applications can comfortably
employ the basic VMPC-KSA without any security worries.
Notation as in section 1, with:
  n, s : 8-bit integer variables (as in section 1)
  k    : length of the cryptographic key in bytes; k ∈ {16,17,...,64}
  K    : k-byte table storing the cryptographic key
  v    : length of the Initialization Vector in bytes; v ∈ {16,17,...,64}
  V    : v-byte table storing the Initialization Vector
  i    : temporary integer variable
  +    : denotes addition modulo 256

Table 2. VMPC Key Scheduling Algorithm (VMPC-KSA / VMPC-KSA3)
  0. s = 0; P[i] = i for i ∈ {0,1,...,255}

  Basic VMPC-KSA variant:
    1. KSARound(K, k)
    2. KSARound(V, v)

  VMPC-KSA3 variant:
    1. KSARound(K, k)
    2. KSARound(V, v)
    3. KSARound(K, k)

  Function KSARound(M, m) definition:
    4. n = i = 0
    5. repeat steps 6-9 768 times:
      6. s = P[ s + P[n] + M[i] ]
      7. swap P[n] with P[s]
      8. i = (i + 1) mod m
      9. n = n + 1
For more information on the VMPC-KSA3 variant, see the security analysis of the VMPC-KSA3 algorithm.
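
The following is an added example (not the page's or the author's code): a direct Python implementation of the stream cipher in Table 1 together with both key schedules in Table 2, selectable with a `ksa3` flag. The only values it takes from the page are the key, IV and sampled keystream bytes of Tables 3 and 4, which it regenerates and compares so that a reader can confirm an implementation follows the specification; the class and function names are the example's own.

```python
"""Added example: VMPC Stream Cipher (Table 1) with VMPC-KSA / VMPC-KSA3
(Table 2), checked against the keystream samples of Tables 3 and 4."""
from typing import List


def _ksa_round(P: List[int], s: int, M: bytes) -> int:
    """KSARound(M, m) of Table 2: 768 mixing steps fold the m-byte table M
    into the permutation P.  n and i restart at 0 for every round, while s
    is carried over between rounds (it is zeroed only once, in step 0)."""
    n = i = 0                               # step 4
    for _ in range(768):                    # step 5
        s = P[(s + P[n] + M[i]) & 0xFF]     # step 6 (addition modulo 256)
        P[n], P[s] = P[s], P[n]             # step 7
        i = (i + 1) % len(M)                # step 8
        n = (n + 1) & 0xFF                  # step 9
    return s                                # 768 = 3*256, so n is back at 0


class VMPC:
    """Keystream generator; ksa3=True selects the VMPC-KSA3 key schedule."""

    def __init__(self, key: bytes, iv: bytes, ksa3: bool = False) -> None:
        if not 16 <= len(key) <= 64 or not 16 <= len(iv) <= 64:
            raise ValueError("key and IV must each be 16..64 bytes long")
        self.P = list(range(256))           # step 0: P[i] = i
        s = 0                               # step 0: s = 0
        s = _ksa_round(self.P, s, key)      # step 1: KSARound(K, k)
        s = _ksa_round(self.P, s, iv)       # step 2: KSARound(V, v)
        if ksa3:
            s = _ksa_round(self.P, s, key)  # step 3 (KSA3 only): re-input key
        self.s, self.n = s, 0

    def keystream(self, length: int) -> bytes:
        """Run steps 1-4 of Table 1 'length' times; return the output bytes."""
        P, s, n = self.P, self.s, self.n
        out = bytearray()
        for _ in range(length):
            s = P[(s + P[n]) & 0xFF]                 # step 1
            out.append(P[(P[P[s]] + 1) & 0xFF])      # step 2
            P[n], P[s] = P[s], P[n]                  # step 3
            n = (n + 1) & 0xFF                       # step 4
        self.s, self.n = s, n
        return bytes(out)

    def crypt(self, data: bytes) -> bytes:
        """XOR data with the keystream; the same call decrypts."""
        return bytes(a ^ b for a, b in zip(data, self.keystream(len(data))))


# Key, IV and sampled output bytes as printed in Tables 3 and 4 of the page.
KEY = bytes.fromhex("9661410AB797D8A9EB767C21172DF6C7")
IV = bytes.fromhex("4B5C2F003E67F39557A8D26F3DA2B155")
OFFSETS = (0, 252, 1020, 102396)
EXPECTED = {
    False: ("A82479F5", "B8FC66A4", "E05640A5", "81CA499A"),   # basic VMPC-KSA
    True:  ("B6EBAEFE", "48172473", "1DAEC35A", "1DA7E1DC"),   # VMPC-KSA3
}


def check_test_vectors(ksa3: bool) -> bool:
    """Generate the 102,400-byte stream and compare the sampled positions."""
    stream = VMPC(KEY, IV, ksa3=ksa3).keystream(102400)
    return all(stream[o:o + 4] == bytes.fromhex(h)
               for o, h in zip(OFFSETS, EXPECTED[ksa3]))


def roundtrip(msg: bytes, key: bytes = KEY, iv: bytes = IV) -> bytes:
    """Encrypt, then decrypt with a fresh cipher object (same key and IV)."""
    ct = VMPC(key, iv).crypt(msg)
    return VMPC(key, iv).crypt(ct)


if __name__ == "__main__":
    print("VMPC-KSA  vectors match:", check_test_vectors(False))
    print("VMPC-KSA3 vectors match:", check_test_vectors(True))
    print(roundtrip(b"hello, world"))
```

Two points the code makes visible: s is not reset between KSA rounds (only n and i are), so a re-implementation that zeroes s per round will pass neither table; and, as with any stream cipher, a (key, IV) pair determines the keystream completely, so each message needs its own IV. Integrity protection is a separate mechanism, covered by the VMPC-MAC specification rather than by this example.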
3. Test output of the VMPC Stream Cipher using the basic VMPC-KSA
16 bytes of a 102,400-byte data-stream generated by the VMPC Stream Cipher
for a given key and a given Initialization Vector are shown in Table 3.
The internal state of the cipher is initialized with the basic VMPC-KSA algorithm.
Table 3. Example data-stream generated by the VMPC Stream Cipher with VMPC-KSA
  Key (hex)                   : 96, 61, 41, 0A, B7, 97, D8, A9, EB, 76, 7C, 21, 17, 2D, F6, C7
  Initialization Vector (hex) : 4B, 5C, 2F, 00, 3E, 67, F3, 95, 57, A8, D2, 6F, 3D, A2, B1, 55

  Output-byte number (dec) |    0 |    1 |    2 |    3 |    252 |    253 |    254 |    255
  Output-byte value (hex)  |   A8 |   24 |   79 |   F5 |     B8 |     FC |     66 |     A4
  Output-byte number (dec) | 1020 | 1021 | 1022 | 1023 | 102396 | 102397 | 102398 | 102399
  Output-byte value (hex)  |   E0 |   56 |   40 |   A5 |     81 |     CA |     49 |     9A
4. Test output of the VMPC Stream Cipher using the VMPC-KSA3 algorithm
16 bytes of a 102,400-byte data-stream generated by the VMPC Stream Cipher
for a given key and a given Initialization Vector are shown in Table 4.
The internal state of the cipher is initialized with the VMPC-KSA3 algorithm.
Table 4. Example data-stream generated by the VMPC Stream Cipher with VMPC-KSA3
  Key (hex)                   : 96, 61, 41, 0A, B7, 97, D8, A9, EB, 76, 7C, 21, 17, 2D, F6, C7
  Initialization Vector (hex) : 4B, 5C, 2F, 00, 3E, 67, F3, 95, 57, A8, D2, 6F, 3D, A2, B1, 55

  Output-byte number (dec) |    0 |    1 |    2 |    3 |    252 |    253 |    254 |    255
  Output-byte value (hex)  |   B6 |   EB |   AE |   FE |     48 |     17 |     24 |     73
  Output-byte number (dec) | 1020 | 1021 | 1022 | 1023 | 102396 | 102397 | 102398 | 102399
  Output-byte value (hex)  |   1D |   AE |   C3 |   5A |     1D |     A7 |     E1 |     DC
For the VMPC-KSA3 Key Scheduling Algorithm for the VMPC Stream Cipher,
see the VMPC-KSA3 specification.
For a scheme of authenticated encryption based on
the VMPC Stream Cipher, see the VMPC-MAC specification.
For further analysis of the algorithms, see the Research section.
Copyright © 1999-2019 by Bartosz Zoltak