Stream cipher for CortexM4

[dotm]

Hi.
I'm recently looking for a fast stream cipher implementation in C. It should:
- use very little RAM
- be quite fast
- its implementation should be real single value in&out. Not a pointer to a buffer, but char in - char out.
- any needed prng should be delivered as well and also use very little ram.
- strength must not be very high, but nothing like rot13
any recommendations?

[pablo2048]

I think there is no algorithm for "real single value in&out"  - so i suggest xtea - it's very fast, no known attack...

[dotm]

I think there is no algorithm for "real single value in&out"  - so i suggest xtea - it's very fast, no known attack...

Xtea is a block cipher according to wikipedia.

[pablo2048]

Xtea is a block cipher according to wikipedia.

Yes it is - I think that You can implement stream cipher over block cipher (if You don't want to end with RC4, or ordinary XOR function)...

[an007_rld]

Hi dotm,
Any char based encryption is more or less a joke; what can you do? ... XOR maybe?

If you need encryption please consider block based encryption even the block size it's small...

This is my 5cents advice...

-an

[dotm]

Hi dotm,
Any char based encryption is more or less a joke; what can you do? ... XOR maybe?

If you need encryption please consider block based encryption even the block size it's small...

This is my 5cents advice...

-an

Are you serious? A stream cipher works as well as block cipher. There are tons of stream cipher out there, i just wanted to avoid rewriting any of them from buffer in/out to char in/out.

[wild]

Even if really simple, can this be interesting?
http://partners.adobe.com/public/developer/en/font/T1_SPEC.PDF (pages 67-71 of PDF, 61-65 of the document)
it uses very low resources!

[str67]

Hi dotm,

RC4 is likely the most widely used stream cipher. I found an implementation in C on the web which seems to me quite usable for your purposes.

Code:

#include <stdio.h>
#include <stdint.h>
#include <assert.h>


typedef uint8_t byte;
typedef struct
{
    byte i, j;
    byte S[256];
} Rc4State;

void swap(byte *a, byte *b)
{
    byte temp = *a;
    *a = *b;
    *b = temp;
}

/*Initialization & initial permutation
also initialize i&j counters in state for stream generation*/
void initState(const byte K[256], int keylen, Rc4State *state)
{
    byte T[256];
    assert(keylen>=1 && keylen<=256);
    int i;
    for(i = 0; i < 256; i++) {
        state-> S[i] = i;
        T[i] = K[i % keylen];
    }

    //Initial permutation of S
    byte *S = state->S;
    int j = 0;
    for(i = 0; i < 256; i++) {
        j = (j + S[i] + T[i]) % 256;
        swap(&S[i], &S[j]);
    }

    //Initialize counters in state
    state->i = state->j = 0;
}

/*Encrypt/Decrypt text by XORing with next byte of keystream*/
byte crypt(byte text, Rc4State *state)
{
    byte t, k;
    byte *i = &(state->i), *j = &(state->j);
    byte *S = state->S;
    *i = (*i+1) % 256;
    *j = (*j+S[*i]) % 256;
    swap(&S[*i], &S[*j]);
    t = (S[*i] + S[*j]) % 256;
    k = S[t];

    return text ^ k;
}

Hope this helps...
str

[dotm]

I found an implementation in C on the web which seems to me quite usable for your purposes.

i can't believe how simple that looks
This one uses 512 bytes memory at least. That is acceptable but not good.
I ask myself which one of these huge arrays can be made const...

[str67]

I think the minimum memory you will need for RC4 will be around 258 byte (state memory) plus k byte for the key (i.e. 8 byte for 256-bit).
In case you fix the key length you can fill up the initial state from your key data directly, without the need for the temporary array T.
That would result more or less in the minimum data memory footprint for the code.

In case that still is too much for your application, a modified cipher with less security might be an option (smaller state variable?).

str

[pablo2048]

I think the minimum memory you will need for RC4 will be around 258 byte (state memory) plus k byte for the key (i.e. 8 byte for 256-bit).
In case you fix the key length you can fill up the initial state from your key data directly, without the need for the temporary array T.
That would result more or less in the minimum data memory footprint for the code.

In case that still is too much for your application, a modified cipher with less security might be an option (smaller state variable?).

str

Key can be stored in Flash memory. The only static RAM used is RC4 context (RC4state), work buffer (T) is allocated dynamically on the stack and AFAIK this

Code:

j = (j + S[i] + T[i]) % 256;

can be written as

Code:

j = (j + S[i] + K[i % keylen]) % 256;

thus eliminating T buffer completely...