ISAAC (cipher)

Last updated September 28, 2023

ISAAC (indirection, shift, accumulate, add, and count) is a cryptographically secure pseudorandom number generator and a stream cipher designed by Robert J. Jenkins Jr. in 1993.^[1] The reference implementation source code was dedicated to the public domain.^[2]

Operation

The ISAAC algorithm has similarities with RC4. It uses an array of 256 four-octet integers as the internal state, writing the results to another 256 four-octet integer array, from which they are read one at a time until empty, at which point they are recomputed. The computation consists of altering i-element with (i⊕128)-element, two elements of the state array found by indirection, an accumulator, and a counter, for all values of i from 0 to 255. Since it only takes about 19 32-bit operations for each 32-bit output word, it is very fast on 32-bit computers.

Cryptanalysis

Cryptanalysis has been undertaken by Marina Pudovkina (2001).^[4] Her attack can recover the initial state with a complexity that is approximated to be less than the time needed for searching through the square root of all possible initial states. In practice this means that the attack needs $4.67\times 10^{1240}$ instead of $10^{2466}$ . This result has had no practical impact on the security of ISAAC.^[5]

In 2006 Jean-Philippe Aumasson discovered several sets of weak states.^[6] The fourth presented (and smallest) set of weak states leads to a highly biased output for the first round of ISAAC and allows the derivation of the internal state, similar to a weakness in RC4. It is not clear if an attacker can tell from just the output whether the generator is in one of these weak states or not. He also shows that a previous attack^[7] is flawed, since the Paul-Preneel attack is based on an erroneous algorithm rather than the real ISAAC. An improved version of ISAAC is proposed, called ISAAC+.^[5]

Usage outside cryptography

Many implementations of ISAAC are so fast that they can compete with other high speed PRNGs, even with those designed primarily for speed not for security. Only a few other generators of such high quality and speed exist in usage.^{[ citation needed ]} ISAAC is used in the Unix tool shred to securely overwrite data.^[8] Also ISAAC algorithm is implemented in Java Apache Commons Math library.^[9]

Related Research Articles

In cryptography, the International Data Encryption Algorithm (IDEA), originally called Improved Proposed Encryption Standard (IPES), is a symmetric-key block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. The algorithm was intended as a replacement for the Data Encryption Standard (DES). IDEA is a minor revision of an earlier cipher Proposed Encryption Standard (PES).

<span class="mw-page-title-main">HMAC</span> Computer communications hash algorithm

In cryptography, an HMAC is a specific type of message authentication code (MAC) involving a cryptographic hash function and a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and authenticity of a message.

In cryptography, RC4 is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.

The Mersenne Twister is a general-purpose pseudorandom number generator (PRNG) developed in 1997 by Makoto Matsumoto and Takuji Nishimura. Its name derives from the fact that its period length is chosen to be a Mersenne prime.

A stream cipher is a symmetric key cipher where plaintext digits are combined with a pseudorandom cipher digit stream (keystream). In a stream cipher, each plaintext digit is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the ciphertext stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as state cipher. In practice, a digit is typically a bit and the combining operation is an exclusive-or (XOR).

Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both the encryption of plaintext and the decryption of ciphertext. The keys may be identical, or there may be a simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. The requirement that both parties have access to the secret key is one of the main drawbacks of symmetric-key encryption, in comparison to public-key encryption. However, symmetric-key encryption algorithms are usually better for bulk encryption. With exception of the one-time pad they have a smaller key size, which means less storage space and faster transmission. Due to this, asymmetric-key encryption is often used to exchange the secret key for symmetric-key encryption.

In cryptography, an initialization vector (IV) or starting variable is an input to a cryptographic primitive being used to provide the initial state. The IV is typically required to be random or pseudorandom, but sometimes an IV only needs to be unpredictable or unique. Randomization is crucial for some encryption schemes to achieve semantic security, a property whereby repeated usage of the scheme under the same key does not allow an attacker to infer relationships between segments of the encrypted message. For block ciphers, the use of an IV is described by the modes of operation.

A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also loosely known as a cryptographic random number generator (CRNG).

A cryptographic hash function (CHF) is a hash algorithm that has special properties desirable for a cryptographic application:

<span class="mw-page-title-main">GOST (block cipher)</span> Soviet/Russian national standard block cipher

The GOST block cipher (Magma), defined in the standard GOST 28147-89, is a Soviet and Russian government standard symmetric key block cipher with a block size of 64 bits. The original standard, published in 1989, did not give the cipher any name, but the most recent revision of the standard, GOST R 34.12-2015, specifies that it may be referred to as Magma. The GOST hash function is based on this cipher. The new standard also specifies a new 128-bit block cipher called Kuznyechik.

Bart Preneel is a Flemish cryptographer and cryptanalyst. He is a professor at Katholieke Universiteit Leuven, in the COSIC group.

Salsa20 and the closely related ChaCha are stream ciphers developed by Daniel J. Bernstein. Salsa20, the original cipher, was designed in 2005, then later submitted to the eSTREAM European Union cryptographic validation process by Bernstein. ChaCha is a modification of Salsa20 published in 2008. It uses a new round function that increases diffusion and increases performance on some architectures.

Py is a stream cipher submitted to eSTREAM by Eli Biham and Jennifer Seberry. It is one of the fastest eSTREAM candidates at around 2.6 cycles per byte on some platforms. It has a structure a little like RC4, but adds an array of 260 32-bit words which are indexed using a permutation of bytes, and produces 64 bits in each round.

Rabbit is a high-speed stream cipher from 2003. The algorithm and source code was released in 2008 as public domain software.

In cryptography, the Fluhrer, Mantin and Shamir attack is a stream cipher attack on the widely used RC4 stream cipher. The attack allows an attacker to recover the key in an RC4 encrypted stream from a large number of messages in that stream.

In cryptography, a distinguishing attack is any form of cryptanalysis on data encrypted by a cipher that allows an attacker to distinguish the encrypted data from random data. Modern symmetric-key ciphers are specifically designed to be immune to such an attack. In other words, modern encryption schemes are pseudorandom permutations and are designed to have ciphertext indistinguishability. If an algorithm is found that can distinguish the output from random faster than a brute force search, then that is considered a break of the cipher.

This article summarizes publicly known attacks against block ciphers and stream ciphers. Note that there are perhaps attacks that are not publicly known, and not all entries may be up to date.

BLAKE is a cryptographic hash function based on Daniel J. Bernstein's ChaCha stream cipher, but a permuted copy of the input block, XORed with round constants, is added before each ChaCha round. Like SHA-2, there are two variants differing in the word size. ChaCha operates on a 4×4 array of words. BLAKE repeatedly combines an 8-word hash value with 16 message words, truncating the ChaCha result to obtain the next hash value. BLAKE-256 and BLAKE-224 use 32-bit words and produce digest sizes of 256 bits and 224 bits, respectively, while BLAKE-512 and BLAKE-384 use 64-bit words and produce digest sizes of 512 bits and 384 bits, respectively.

VMPC for cryptography is a stream cipher similar to the well known and popular cipher RC4 designed by Ron Rivest. It was designed by Bartosz Żółtak, presented in 2004 at the Fast Software Encryption conference. VMPC is a modification of the RC4 cipher.

References

↑ Robert J. Jenkins Jr., ISAAC. Fast Software Encryption 1996, pp. 41–49.
↑ The ISAAC Cipher
↑ Jenkins, Bob (2023-03-17). "Tests for Random Number Generators".
↑ Marina Pudovkina, A known plaintext attack on the ISAAC keystream generator, 2001, Cryptology ePrint Archive: Report 2001/049, .
1 2 "On the pseudo-random generator ISAAC" (PDF). Cryptology ePrint Archive. Retrieved 21 August 2016.
↑ Jean-Philippe Aumasson, On the pseudo-random generator ISAAC. Cryptology ePrint archive, report 2006/438, 2006.
↑ Souradyuti Paul, Bart Preneel, On the (In)security of Stream Ciphers Based on Arrays and Modular Addition.Asiacrypt 2006.
↑ GNU coreutils git
↑ Apache Commons Math reference

External links

Official ISAAC website
Multiple ISAAC implementations at Rosetta Code
Pascal/Delphi port
Math::Random::ISAAC, a Perl module implementation of the algorithm
isaac.js, a JavaScript implementation

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Robert J. Jenkins Jr., ISAAC. Fast Software Encryption 1996, pp. 41–49.

[2] The ISAAC Cipher

[3] Jenkins, Bob (2023-03-17). "Tests for Random Number Generators".

[4] Marina Pudovkina, A known plaintext attack on the ISAAC keystream generator, 2001, Cryptology ePrint Archive: Report 2001/049, .

[:0-5] 1 2 "On the pseudo-random generator ISAAC" (PDF). Cryptology ePrint Archive. Retrieved 21 August 2016.

[6] Jean-Philippe Aumasson, On the pseudo-random generator ISAAC. Cryptology ePrint archive, report 2006/438, 2006.

[7] Souradyuti Paul, Bart Preneel, On the (In)security of Stream Ciphers Based on Arrays and Modular Addition.Asiacrypt 2006.

[8] GNU coreutils git

[9] Apache Commons Math reference

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]