[554] in cryptography@c2.net mail archive


Re: RC4 rollback/rollforward question

daemon@ATHENA.MIT.EDU (Jim Gillogly)
Wed Apr 16 12:34:48 1997

Date: Wed, 16 Apr 1997 09:20:59 -0700
From: jimg@mentat.com (Jim Gillogly)
To: cryptography@c2.net, rodney@sabletech.com

Rodney Thayer asks:
> The comment has been made that you can deal with out of order input to a
> streaming cipher, like RC4.  One thing I didn't quite catch was what you do
> to "roll forward" the RC4 state so you can handle this case:
> 
>   stream offset xxx     data aaa bbb ccc ddd
>   stream offset xxx+yyy data eee fff ggg hhh

After initialization, RC4 produces one "cryptographically random" byte each
time it's called.  Since this byte does not depend on the plaintext, to get
to offset yyy you simply need to call it yyy times in a loop, ignoring the
results.  When it's done you're ready to start with eee.  Rolling forward
is indeed trivial.

This is unlike a CBC-type application, where you need to recover everything
between xxx and yyy to start work on yyy.

	Jim Gillogly
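The roll-forward Jim describes, as an added example that is not part of the original post: a minimal RC4 whose `skip(n)` clocks the generator n times and discards the output, so a segment at stream offset xxx+yyy can be decrypted without any of the earlier ciphertext. The key and message are constructed for the demo.

```python
# Added example (not from the original thread). RC4's keystream does not
# depend on the plaintext, so seeking to an offset is just "generate and
# discard" that many keystream bytes.

class RC4:
    """Minimal RC4: key-scheduling (KSA) plus the PRGA byte generator."""

    def __init__(self, key: bytes):
        S = list(range(256))
        j = 0
        for i in range(256):                      # KSA
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
        self.S, self.i, self.j = S, 0, 0

    def next_byte(self) -> int:
        """One PRGA step: returns the next keystream byte."""
        S = self.S
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + S[self.i]) & 0xFF
        S[self.i], S[self.j] = S[self.j], S[self.i]
        return S[(S[self.i] + S[self.j]) & 0xFF]

    def skip(self, n: int) -> None:
        """Roll forward: clock the generator n times, ignoring the results."""
        for _ in range(n):
            self.next_byte()

    def process(self, data: bytes) -> bytes:
        """XOR data with keystream; the same call encrypts and decrypts."""
        return bytes(b ^ self.next_byte() for b in data)


def decrypt_segment(key: bytes, offset: int, segment: bytes) -> bytes:
    """Decrypt ciphertext that sits at `offset` in the stream, having seen
    none of the ciphertext before it (the out-of-order case in the thread)."""
    rc4 = RC4(key)
    rc4.skip(offset)          # roll forward past the bytes we never received
    return rc4.process(segment)


def demo() -> bytes:
    # Constructed key and message; the "eee ..." part begins at offset 16.
    key = b"constructed-demo-key"
    plaintext = b"aaa bbb ccc ddd eee fff ggg hhh"
    ciphertext = RC4(key).process(plaintext)
    xxx_plus_yyy = 16
    return decrypt_segment(key, xxx_plus_yyy, ciphertext[xxx_plus_yyy:])
```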
