Path: illuminati.io.com!uunet!gatech!howland.reston.ans.net!cs.utexas.edu!not-for-mail
From: ritter@io.com (Terry Ritter)
Newsgroups: sci.crypt

Subject: Re: Doing Better than XOR in RC4-like Algorithms
Date: 14 Nov 1994 18:22:05 -0600
Organization: UTexas Mail-to-News Gateway
Lines: 67
Sender: nobody@cs.utexas.edu
Message-ID: <199411150022.SAA27143@pentagon.io.com>
NNTP-Posting-Host: news.cs.utexas.edu

 In farid@netcom.com (Farid F. El-Wailly) writes:


>I'd like to suggest a modification of RC4-like algorithms that would
>make them a little more resistant to the key re-use problem.
[...]
>Comments?


 I think this is getting almost to the point of offending an
 intellectual property which is somewhat more resilient than trade
 secrecy.  While the putative RC4 algorithm basically just develops
 a form of RNG which is used in a conventional stream cipher,
 Mr. El-Wailly appears to have re-invented the concept of Dynamic
 Substitution, which is protected by U.S. Patent 4,979,832:


    1.  A mechanism for combining a first data source and a second
    data source into result data, including:

       (a) substitution means for translating values from said first
       data source into said result data or substitute values, and

       (b) change means, at least responsive to some aspect of said
       second data source, for permuting or re-arranging a plurality
       of the translations or substitute values within said
       substitution means, potentially after every substitution
       operation.


 I suggest that

    buffer_ptr[counter]

 will read as the first data source, which is indeed substituted in

    state[buffer_ptr[counter]],

 that

    x

 will do fine as the second data source, and that

    swap_byte state[x] and state[y]

 is the change means which permutes substitute values, and thus
 completes the definition of Dynamic Substitution.


 That said, I don't see Dynamic Substitution as a solution to the
 problem of key re-use.  A better way to support key re-use is to
 have a random message key in every message, and use the random key
 to set up the cipher to decipher the data.  This means that the
 keyspace for the data will be evenly used, and that only short and
 random "messages" will be ciphered under a fixed User Key.

 Perhaps Dynamic Substitution is just an idea whose time has finally
 come.  My Penknife and Cloak2 ciphers both use this technology to
 provide better RNG isolation, adaptive symbol-frequency flattening,
 and combiners with state, which support new combining architectures.

 ---
 Terry Ritter   ritter@io.com
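The two technical points in the post above, the Dynamic Substitution combiner structure quoted from the claim (substitute a byte through a table, then permute the table under control of a second data source) and the random message-key setup, as one added example. This is illustrative code written for this page; it is not RC4, not Ritter's Penknife or Cloak2, and not code from either poster. The particular swap rule (exchange the table entry just used with an entry chosen by the keystream) is this example's reading of the claim's "change means", not a statement of what the patent covers; the keystream is Python's Mersenne Twister seeded from the key, a constructed stand-in that is not cryptographically secure; the table seeding, the 16-byte message key, and the sample messages are all constructed for the example.

```python
# Added example (not from the post, and not RC4 or Ritter's Penknife/Cloak2):
# a minimal Dynamic Substitution style combiner with the structure named in
# the quoted claim, plus the per-message random key setup described above.
import os
import random
from typing import Iterator, List, Optional


def keystream_from_seed(seed: bytes) -> Iterator[int]:
    """Constructed keystream: Python's Mersenne Twister seeded from `seed`.
    It stands in for the cipher's RNG (the "second data source") and is
    NOT cryptographically secure; any deterministic byte source would do."""
    rng = random.Random(seed)
    while True:
        yield rng.randrange(256)


def keyed_table(seed: bytes) -> List[int]:
    """Constructed initial substitution table: a keyed shuffle of 0..255.
    A different seed from the keystream is used so that table and
    keystream are not trivially related (an assumption of this example)."""
    rng = random.Random(b"table:" + seed)
    table = list(range(256))
    rng.shuffle(table)
    return table


class DynamicSubstitution:
    """Combiner with state.

    Each input byte p is translated through `table` (the "substitution
    means").  After every translation the entry just used, table[p], is
    swapped with an entry chosen by the keystream (the "change means,
    responsive to the second data source").  Swapping only moves values
    around, so `table` stays a permutation and an `inverse` table lets the
    receiver undo it byte by byte, provided it applies the same swaps in
    the same order.  The same plaintext byte therefore need not produce
    the same ciphertext byte twice: the output depends on prior input.
    """

    def __init__(self, table: List[int], keystream: Iterator[int]) -> None:
        assert sorted(table) == list(range(256)), "table must be a permutation"
        self.table = list(table)
        self.inverse = [0] * 256
        for position, value in enumerate(self.table):
            self.inverse[value] = position
        self.keystream = keystream

    def _swap(self, a: int, b: int) -> None:
        """Exchange entries a and b and keep the inverse table in step."""
        va, vb = self.table[a], self.table[b]
        self.table[a], self.table[b] = vb, va
        self.inverse[vb], self.inverse[va] = a, b

    def encipher(self, plaintext: bytes) -> bytes:
        out = bytearray()
        for p in plaintext:
            out.append(self.table[p])            # substitute ...
            self._swap(p, next(self.keystream))  # ... then permute the table
        return bytes(out)

    def decipher(self, ciphertext: bytes) -> bytes:
        out = bytearray()
        for c in ciphertext:
            p = self.inverse[c]                  # undo the substitution ...
            out.append(p)
            self._swap(p, next(self.keystream))  # ... and track the same swap
        return bytes(out)


def make_combiner(key: bytes) -> DynamicSubstitution:
    """Fresh combiner state for a key (table and keystream both keyed)."""
    return DynamicSubstitution(keyed_table(key), keystream_from_seed(key))


MESSAGE_KEY_LEN = 16  # constructed choice for this example


def seal(user_key: bytes, plaintext: bytes,
         message_key: Optional[bytes] = None) -> bytes:
    """Message-key setup as the post suggests: a random message key is
    enciphered under the user key and the data is enciphered under the
    message key, so the user key only ever covers short random strings.
    `message_key` may be supplied explicitly for testing."""
    if message_key is None:
        message_key = os.urandom(MESSAGE_KEY_LEN)
    assert len(message_key) == MESSAGE_KEY_LEN
    header = make_combiner(user_key).encipher(message_key)
    body = make_combiner(message_key).encipher(plaintext)
    return header + body


def unseal(user_key: bytes, blob: bytes) -> bytes:
    """Recover the message key, then use it to set up the data cipher."""
    message_key = make_combiner(user_key).decipher(blob[:MESSAGE_KEY_LEN])
    return make_combiner(message_key).decipher(blob[MESSAGE_KEY_LEN:])
```

With an identity table and a keystream that always says 0x10, enciphering b"aaa" gives 0x61, 0x10, 0x61: the first 'a' passes through unchanged, the swap moves 0x10 into slot 0x61, the second 'a' comes out as 0x10, and the swap moves the original value back. That is the "combiner with state" property in the smallest possible case; a keyed table and keystream just make the trajectory unpredictable without the key.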