Paper 2016/856

Spritz---a spongy RC4-like stream cipher and hash function.

Ronald L. Rivest and Jacob C. N. Schuldt

Abstract

This paper reconsiders the design of the stream cipher RC4, and proposes an improved variant, which we call "Spritz" (since the output comes in fine drops rather than big blocks). Our work leverages the considerable cryptanalytic work done on the original RC4 and its proposed variants. It also uses simulations extensively to search for biases and to guide the selection of intermediate expressions. We estimate that Spritz can produce output with about 24 cycles/byte of computation. Furthermore, our statistical tests suggest that about $2^{81}$ bytes of output are needed before one can reasonably distinguish Spritz output from random output; this is a marked improvement over RC4. [Footnote: However, see Appendix F for references to more recent work that suggest that our estimates of the work required to break Spritz may be optimistic.] In addition, we formulate Spritz as a "sponge (or sponge-like) function" (see Bertoni et al.), which can "Absorb" new data at any time, and from which one can "Squeeze" pseudorandom output sequences of arbitrary length. Spritz can thus be easily adapted for use as a cryptographic hash function, an encryption algorithm, or a message-authentication code generator. (However, in hash-function mode, Spritz is rather slow.)

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint.
Keywords
RC4, Spritz, stream cipher, sponge function, Absorb, Squeeze, encryption, message authentication code, cryptographic hash function
Contact author(s)
rivest @ mit edu
History
2016-09-07: received
Short URL
https://ia.cr/2016/856
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/856,
      author = {Ronald L.  Rivest and Jacob C.  N.  Schuldt},
      title = {Spritz---a spongy {RC4}-like stream cipher and hash function.},
      howpublished = {Cryptology {ePrint} Archive, Paper 2016/856},
      year = {2016},
      url = {https://eprint.iacr.org/2016/856}
}