
Re: thoughts on RC4

On Sep 15,  1:05pm, Bill Sommerfeld wrote:
> Actually, I'm not sure that it's that impractical, but I don't know a
> heck of a lot about VLSI or hardware design.  A fully pipelined chip
> would require significantly more chip area than the DES cracker,
> but you probably don't need that.

One of the issues I looked at over the weekend was the parallelization of
the key scheduler, which is definitely a non-trivial problem.  One thought
that did occur to me was that there might be a massively parallel
solution to this which has a practical implementation up to 48 bits,
but not over this.  I'll post more about this when I get some time, but
I've got to disagree with Bill here that a simple RC4 implementation (without
a parallel key schedule setup) would take more die area than a DES cracker.
Ultimately, it is a VERY simple cipher, and the VLSI implementation would
reflect this.

Even so, the release of the algorithm confirms the RSADSI position that
an exhaustive keysearch would be a slow operation, given the setup
time required for the key schedule setup.

BTW, just an idle question: why is RC4 a stream cipher, as opposed to an
8-bit block cipher?  Based on the implementation, it would seem to be the
latter to me.
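
Added example, not part of the original message: a small C rendering of the publicly posted RC4 algorithm, showing the two points discussed above, namely that each key-schedule step depends on the previous one (so every trial key costs 256 serial swaps before the first output byte) and that the same plaintext byte encrypts differently at each position because the state changes per byte. The function names (`rc4_ksa`, `rc4_next`, `rc4_ct_byte`) and the sample key and plaintexts are choices made for this example.

```c
/* Added example: sample key "Key" and plaintext "AAAA" are constructed inputs. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_ctx;

static void swap8(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

/* Key schedule. Returns the number of dependent swap steps performed. */
unsigned rc4_ksa(rc4_ctx *c, const uint8_t *key, size_t klen) {
    unsigned steps = 0;
    uint8_t j = 0;
    for (int n = 0; n < 256; n++) c->S[n] = (uint8_t)n;
    for (int n = 0; n < 256; n++) {
        /* j reads S[n] after all earlier swaps, so step n cannot start
           until step n-1 has finished: the loop is inherently serial. */
        j = (uint8_t)(j + c->S[n] + key[n % klen]);
        swap8(&c->S[n], &c->S[j]);
        steps++;
    }
    c->i = c->j = 0;
    return steps;
}

/* One keystream byte; the state (S, i, j) changes on every call. */
uint8_t rc4_next(rc4_ctx *c) {
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->S[c->i]);
    swap8(&c->S[c->i], &c->S[c->j]);
    return c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
}

/* Ciphertext byte at position idx of pt under key (fresh key schedule). */
uint8_t rc4_ct_byte(const char *key, const char *pt, size_t idx) {
    rc4_ctx c;
    uint8_t ks = 0;
    rc4_ksa(&c, (const uint8_t *)key, strlen(key));
    for (size_t n = 0; n <= idx; n++) ks = rc4_next(&c);
    return (uint8_t)(ks ^ (uint8_t)pt[idx]);
}

int main(void) {
    rc4_ctx c;
    printf("setup steps per key: %u\n", rc4_ksa(&c, (const uint8_t *)"Key", 3));
    for (size_t n = 0; n < 4; n++)   /* same plaintext byte, four positions */
        printf("%02X ", rc4_ct_byte("Key", "AAAA", n));
    printf("\n");
    return 0;
}
```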