I've been working on several projects involving encryption recently, most of which involve a CPAN module that I wrote, Crypt::RC4. In the process, I might have come up with an enhancement to RC4 encryption, but I need some input from the Monks. If you aren't familiar with, or don't have an interest in the guts of encryption, particularly as is pertains to perl, you might want to bail out here. For those of you that are still here, come with me to the dark oubliette beneath these cloistered halls.

I was looking at the Triple DES algorithm, which was devised to strengthen the DES encryption algorithm. Triple DES simply performs DES encryption a number of times with a number of keys. This traditionally is done with 3 different keys, the first and second keys being the same with the third key being different, or with all three keys being the same. Further, you can either encrypt three times (referred to as EEE), or encrypt with the first key, decrypt with the second key, and encrypt with the third key (referred to as EDE). The purpose is to diffuse the plaintext even more than is done with a single iteration. It was at this point an idea for doing the same thing with RC4 popped into my head. To that end, I modified my RC4 module and came up with this:
package Crypt::TripleRC4;

use strict;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK);

require Exporter;

@ISA     = qw(Exporter AutoLoader);
@EXPORT  = qw(TripleRC4);
$VERSION = '0.01';

sub TripleRC4 {
    my ( $key, $text, $mode ) = @_;
    my ( $text1, $text2, $text3 ) = undef;
    my $key2 = _RC4( $key, $key );
    my $key3 = $key2 ^ $key;
    if ( $mode =~ /e/i ) {
        $text1 = _RC4( $key,  $text );
        $text2 = _RC4( $key2, $text1 );
        $text3 = _RC4( $key3, $text2 );
    } elsif ( $mode =~ /d/i ) {
        $text1 = _RC4( $key3, $text );
        $text2 = _RC4( $key2, $text1 );
        $text3 = _RC4( $key,  $text2 );
    } else {
        return undef;
    }
    return $text3;
}

sub _RC4 {
    my $x = 0;
    my $y = 0;

    my $key = shift;
    my @k   = unpack( 'C*', $key );
    my @s   = 0 .. 255;

    for ( $x = 0 ; $x != 256 ; $x++ ) {
        $y = ( $k[ $x % @k ] + $s[$x] + $y ) % 256;
        @s[ $x, $y ] = @s[ $y, $x ];
    }

    $x = $y = 0;

    my $z = undef;

    for ( unpack( 'C*', shift ) ) {
        $x = ( $x + 1 ) % 256;
        $y = ( $s[$x] + $y ) % 256;
        @s[ $x, $y ] = @s[ $y, $x ];
        $z .= pack( 'C', $_ ^= $s[ ( $s[$x] + $s[$y] ) % 256 ] );
    }

    return $z;
}

1;
__END__

=head1 NAME

Crypt::TripleRC4 - Modified perl implementation of the RC4 encryption 
+algorithm

=head1 SYNOPSIS

  use Crypt::TripleRC4;
  $encrypted = TripleRC4( $passphrase, $plaintext, "e" );
  $decrypt = TripleRC4( $passphrase, $encrypted, "d" );

=head1 DESCRIPTION

This differs from standard RC4 in that three keys are used to encrypt 
+the text. KEY1 is the key 
entered by the user.  KEY2 is KEY1 encrypted using itself as the key. 
+ KEY3 is KEY2 ^ KEY1.  
I am uncertain as to what, if any, benefit is provided by this, hence 
+the reason I'm posting 
this to Perlmonks.  The idea for TripleRC4 stems from TripleDES.

=head1 AUTHOR

Kurt Kincaid (sifukurt@yahoo.com)

=head1 SEE ALSO

perl(1), http://www.cypherspace.org, http://www.rsasecurity.com

=cut

[download]

Essentially what it does is encrypt with RC4 three different times, each time with a different key. My question is what benefit, if any, is gained by this? And is there a better way to implement this, provided that there is a benefit? Logically, it seems to me that this would further diffuse the plaintext. However, I submit the idea and the code to the Eminent Perl Monks for dissection.

Thanks for your time. I look forward to any feedback that you may have.

In reply to Encryption: RC4 enhancement? by sifukurt

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.