Back to Homepage
VMPC One-Way Function P vs NP Project VMPC Encryption Technology VMPC-R CSPRNG VMPCrypt Application Permutu Game Publications About Author Contact


VMPC Stream Cipher

1. VMPC Stream Cipher
2. VMPC Key Scheduling Algorithm
3. Test output of the VMPC Stream Cipher using VMPC-KSA
4. Test output of the VMPC Stream Cipher using VMPC-KSA3

See also:
VMPC-MAC Authenticated Encryption Scheme
VMPC-KSA3 Key Scheduling Algorithm
VMPC-R Cryptographically Secure Pseudo-Random Number Generator


Download VMPC Encryption Technology Implementation:
VMPC Encryption Technology Implementation in C
VMPC Encryption Technology Implementation in Pascal/Delphi
VMPC Encryption Technology Implementation in Assembler

Download FSE'04 paper
"VMPC One-Way Function
and Stream Cipher":
vmpc.pdf (171 KB)
vmpc.ps (289 KB)
vmpc.dvi (55 KB)

Earlier paper
"VMPC One-Way Function"
available at IACR ePrint archive





1. VMPC Stream Cipher

The VMPC Stream Cipher is a proposed extension of the VMPC one-way function into an encryption algorithm. It was published at the Fast Software Encryption (FSE) conference in 2004.

VMPC Stream Cipher can be regarded as a more secure alternative to the popular RC4 algorithm designed by Ron Rivest.

Compared to RC4 - VMPC Stream Cipher offers higher security level (of both the cipher itself and of the Key Scheduling Algorithm), higher statistical quality of the generated keystream, similar level of implementation simplicity and only slightly lower efficiency.

VMPC Stream Cipher offers authenticated encryption mode with 160-bit MAC (Message Authentication Code) tags. For more details please refer to the VMPC-MAC specification.

The cipher generates a stream of 8-bit values from an internal state comprising a 256-byte permutation and two 8-bit integer variables. The generated values should be xored with the plaintext to derive the ciphertext. The initial value of the cipher's internal state is determined by the VMPC Key Scheduling Algorithm described in section 2. The number of possible values of the cipher's internal state is 256!*2562=21700.


VMPC Stream Cipher internal state:

  P  :  256-byte table storing a permutation of integers {0,1,...,255}
  n, s  :  8-bit integer variables
  L  :  length of message in bytes
  +     denotes addition modulo 256


Table 1. VMPC Stream Cipher algorithm
repeat steps 1-4 L times:

   1. s = P[ s + P[n] ]
   2. output = P[P[P[s]]+1]
   3. swap P[n] with P[s]
   4. n = n + 1







2. VMPC Key Scheduling Algorithm

The VMPC Key Scheduling Algorithm transforms a cryptographic key and an Initialization Vector into the cipher's internal state.

The VMPC-KSA algorithm comes in two variants:
  • Basic VMPC-KSA as published at the FSE 2004 conference
  • Later developed VMPC-KSA3 (about 1/3 slower but offering an additiona layer of security)
Table 2 presents both the basic VMPC-KSA algorithm and the VMPC-KSA3. The only difference between them is one additional mixing round in the VMPC-KSA3 (step 3 in Table 2). Other than that the algorithms are identical.

The VMPC-KSA3 variant was developed in further research after the FSE 2004 conference.
See the security analysis of the VMPC-KSA3 algorithm.

Both algorithms (Basic VMPC-KSA and VMPC-KSA3) are be recommended for use. The development of VMPC-KSA3 was not implied by any weaknesses of the basic VMPC-KSA algorithm. Instead VMPC-KSA3 was developed to provide an additional layer of security to reduce (to some extent) the security loss in the event of a hypothetical successful internal-state-recovery attack. This comes at the cost of about 1/3 lower efficiency of the KSA resulting from re-inputting the secret key to the KSA (step 3). Other than that the algorithms are the same (the round functions of VMPC-KSA and VMPC-KSA3 are identical).

The choice between VMPC-KSA and VMPC-KSA3 is an individual decision. Whenever the lower efficiency of VMPC-KSA3 is acceptable, VMPC-KSA3 is a better choice. At the same time the more efficiency-demanding applications can comfortably employ the basic VMPC-KSA without any security worries.


Notation as in section 1, with:
  n, s  
  k  :  length of the cryptographic key in bytes; k ∈ {16,17,...,64}
  K  :  k-byte table storing the cryptographic key
  v  :  length of the Initialization Vector in bytes; v ∈ {16,17,...,64}
  V  :  v-byte table storing the Initialization Vector
  i  :  temporary integer variable
  +     denotes addition modulo 256

Table 2. VMPC Key Scheduling Algorithm (VMPC-KSA / VMPC-KSA3)
0. s = 0;  P[i] = i  for i ∈ {0,1,...,255}

Basic VMPC-KSA variant:

1. KSARound(K, k)
2. KSARound(V, v)
VMPC-KSA3 variant:

1. KSARound(K, k)
2. KSARound(V, v)
3. KSARound(K, k)

Function KSARound(M, m) definition:
  4. n = i = 0
  5. repeat steps 6-9  768  times:
      6. s = P[ s + P[n] + M[i] ]
      7. swap P[n] with P[s]

      8. i = (i + 1) mod m
      9. n = n + 1


For more information on the VMPC-KSA3 variant see security analysis of the VMPC-KSA3 algorithm






3. Test output of the VMPC Stream Cipher using the basic VMPC-KSA

16 bytes of a 102.400-byte data-stream generated by the VMPC Stream Cipher for a given key and a given Initialization Vector are shown in Table 3. The internal state of the cipher is initialized with the basic VMPC-KSA algorithm.


Table 3. Example data-stream generated by the VMPC Stream Cipher with VMPC-KSA
Key
(hex)
96, 61, 41, 0A, B7, 97, D8, A9, EB, 76, 7C, 21, 17, 2D, F6, C7
Initialization Vector
(hex)
4B, 5C, 2F, 00, 3E, 67, F3, 95, 57, A8, D2, 6F, 3D, A2, B1, 55
Output-byte number
(dec)
0 1 2 3 252 253 254 255
Output-byte value
(hex)
A8 24 79 F5 B8 FC 66 A4
Output-byte number
(dec)
1020   1021   1022   1023   102396 102397 102398 102399
Output-byte value
(hex)
E0 56 40 A5 81 CA 49 9A





4. Test output of the VMPC Stream Cipher using the VMPC-KSA3 algorithm

16 bytes of a 102.400-byte data-stream generated by the VMPC Stream Cipher for a given key and a given Initialization Vector are shown in Table 4. The internal state of the cipher is initialized with the VMPC-KSA3 algorithm.


Table 3. Example data-stream generated by the VMPC Stream Cipher with VMPC-KSA3
Key
(hex)
96, 61, 41, 0A, B7, 97, D8, A9, EB, 76, 7C, 21, 17, 2D, F6, C7
Initialization Vector
(hex)
4B, 5C, 2F, 00, 3E, 67, F3, 95, 57, A8, D2, 6F, 3D, A2, B1, 55
Output-byte number
(dec)
0 1 2 3 252 253 254 255
Output-byte value
(hex)
B6 EB AE FE 48 17 24 73
Output-byte number
(dec)
1020   1021   1022   1023   102396 102397 102398 102399
Output-byte value
(hex)
1D AE C3 5A 1D A7 E1 DC


For the VMPC-KSA3 key Scheduling Algorithm for the VMPC Stream Cipher, see VMPC-KSA3 specification.

For a scheme of authenticated encryption based on the VMPC Stream Cipher, see the VMPC-MAC specification.

For further analysis of the algorithms, see the Research section.


Home  |   VMPC Function  |   VMPC-R CSPRNG  |   VMPC Stream Cipher  |   VMPC-MAC scheme  |   VMPC KSA3 algorithm  |   Research  |   Inverting Challenge
P vs NP Project  |   VMPCrypt Application  |   Permutu Game  |   Publications  |   About Author  |   Contact

Copyright © 1999-2019 by Bartosz Zoltak