HARDWARE IMPLEMENTATION OF THE RC4 STREAM CIPHER P. Kitsos, G. Kostopoulos, N. Sklavos, and O. Koufopavlou VLSI Design Laboratory, Electrical and Computer Engineering Department, University of Patras, Patras, Greece. e-mail: pkitsos@ee.upatras.gr Abstract - In this paper, an efficient hardware implementation of the RC4 stream-cipher is proposed. In contrary to previous designs, which support only fixed length key, the proposed implementation integrates in the same hardware module an 8-bit up to 128-bit key length capability. Independently of the key length, the proposed VLSI implementation achieves a data throughput up to 22 MBytes/sec in a maximum frequency of 64 MHz. The whole design was captured by using VHDL language and a FPGA device was used for the hardware implementation of the architecture. A detailed analysis, in terms of performance, and covered area is shown. I. INTRODUCTION The main feature of cryptography is to work out with problems, which are associated with secrecy, authentication and integrity. Cryptography also, is related with the meaning of protocol. A protocol is sequences of actions, which are concern two or more sides, designed to fulfill a goal. Thus, a cryptographic protocol is a protocol that uses cryptography. This protocol uses a cryptographic algorithm and its intention is to prevent attempts of thefts and invasions. Nowadays cryptography has been developed in a science strongly validated using terms of Theory of Statistics and Theory of Numbers [1, 2]. In order to handle all the cryptographic problems many kinds of cryptographic algorithms have been invented. The complexity of these problems made several categories of cryptographic algorithms. A much known is the RC4 stream cipher. RC4 is a variable-key-size stream cipher developed in 1987 by Ron Rivest for RSA Data Security, Inc. While some key weakness have been introduced [3], the RC4 is used for encryption in the wired equivalent privacy (WEP) [4] protocol (part of the IEEE 802.11b wireless LAN security standard), IEEE 802.11i [5], Lotus Notes, Apple computer’s AOCE and Oracle secure SQL. The IEEE 802.11i uses the Temporal Key Integrity Protocol (TKIP) and the Advanced Encryption Standard (AES) [6]. TKIP uses the RC4 stream cipher as the encryption and decryption algorithm and all involved parties must share the same secret key. The RC4 stream cipher works in two phases, key setup and ciphering. During an n-bit key setup (n is the key length), the encryption key is used to generate an encrypting variable using two arrays, state and key, and n-number of mixing operations [1]. In this paper a new hardware implementation of the RC4 stream cipher is presented. The implementation is parameterized in order to support variable key lengths. The key length could be 8-bit up to 128-bit opposed to the previous designs [7, 8, 9] that supports only fixed key lengths. The proposed implementation needs three clock cycles per byte generation, in the key setup phase, and three clock cycles per byte generation, in the ciphering phase. 768 + 3*n clock cycles needs at total, (n is the number of bytes of the plaintext/ciphertext), to complete the whole operation. Comparing with the implementations in [7, 8] the proposed one is much faster. The implementation in [9] needs the same time (768 + 3*n clock cycles) with the proposed one but works with fixed key 40-bit in length. Finally, in [10] a RC4 stream cipher software implementation is presented. In this implementation assembly language was used. On a 150 MHz Pentium achieves a throughput of 20 Mbytes/sec. The main disadvantage of this implementation is that encrypts/decrypts one byte at every seven-clock cycles resulting a rapid increment of the algorithmic latency. The paper is organized as follows. Section II describes the RC4 stream cipher. In section III the proposed architecture is presented and analyzed in details. The VLSI implementation results are shown and discussed in section IV and finally conclusions are given in section V II. RC4 STREAM CIPHER RC4 uses a variable length key from 1 to 256 bytes to initialize a 256-byte array. The array is used for subsequent generation of pseudo-random bytes and then generates a pseudorandom stream, which is XORed with the plaintext/ciphertext to give the ciphertext/plaintext. It works in Output Feedback (OFB) mode [11] of operation. There are two 256-byte arrays, S-Box and K-Box. The S-array is filled linearly, such as S 0 =0, S 1 =1, S 2 =2, ..., S 255 =255. The K-array consists of the key, repeating as necessary times, in order to fill the array. The RC4 stream cipher works in two phases. The key setup phase and the pseudorandom keystream generator phase. Both phases must be performed for every new key. Figure 1 shows the block diagram of the RC4 two phases. 1