# RC4 (Rivest Cipher 4)

RC4 is a well-known stream cipher designed by Ron Rivest in 1987. It was once widely used in protocols like WEP and early TLS/SSL. However, due to significant vulnerabilities—especially biases in its keystream—RC4 is now considered completely **insecure** for modern use.

---

## Overview

- **Type:** Stream cipher  
- **Operation:** Generates a pseudorandom keystream that is XORed with the plaintext to produce the ciphertext.  
- **Symmetry:** Encryption and decryption are identical (the same function can be used for both).

---

## How RC4 Works

1. **Key-Scheduling Algorithm (KSA):**
   - Initializes a state array `S` of 256 bytes.
   - The state array is permuted using the secret key.
2. **Pseudo-Random Generation Algorithm (PRGA):**
   - Continuously generates keystream bytes by further modifying the state array.
3. **Encryption / Decryption:**
   - The plaintext is XORed with the keystream, block for block.
   - Due to the properties of XOR, the same process is used for decryption.

---

## RC4 Parameters

- **Key (K):** Variable length from 1 to 256 bytes (often 16 bytes in practice).
- **State Array (S):** A permutation of the numbers 0–255 (256 bytes).
- **Keystream:** Generated continuously, with one byte used per plaintext byte.

---

## Security Notes

- **Insecure by Modern Standards:**  
  RC4 exhibits key/IV biases and state leaks that can lead to plaintext recovery.
- **Historical Usage:**  
  Formerly used in WEP (Wi-Fi) and early versions of TLS/SSL, but now deprecated.
- **Educational Value:**  
  Though insecure, RC4 remains useful for teaching the concepts of stream ciphers.


In [2]:
def rc4(key: bytes, data: bytes) -> bytes:
    # Key-scheduling algorithm (KSA)
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    
    # Pseudo-random generation algorithm (PRGA)
    i = j = 0
    out = []
    for byte in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        K = S[(S[i] + S[j]) % 256]
        out.append(byte ^ K)
    return bytes(out)

# --- Example ---
key = b"secretkey"
plaintext = b"RC4: this is a test message"

# Encrypt
ciphertext = rc4(key, plaintext)
print("Ciphertext (hex):", ciphertext.hex())

# Decrypt (same function!)
recovered = rc4(key, ciphertext)
print("Recovered:", recovered)


Ciphertext (hex): f7ebe8266cc5fd215b8c22f7a246155f11247d40f3165d47fcb949
Recovered: b'RC4: this is a test message'
