
1. VMPC Stream Cipher
The VMPC Stream Cipher is a proposed extension of the VMPC oneway function
into an encryption algorithm. It was published at the
Fast Software Encryption (FSE) conference in 2004.
VMPC Stream Cipher can be regarded as a more secure alternative to the popular
RC4 algorithm designed by Ron Rivest.
Compared to RC4  VMPC Stream Cipher
offers higher security level (of both the cipher itself and of the Key Scheduling Algorithm),
higher statistical quality of the generated keystream,
similar level of implementation simplicity and only slightly lower efficiency.
VMPC Stream Cipher offers authenticated encryption mode with 160bit
MAC (Message Authentication Code) tags. For more details please refer to the
VMPCMAC specification.
The cipher generates a stream of 8bit values from an internal state comprising
a 256byte permutation and two 8bit integer variables. The generated
values should be xored with the plaintext to derive the ciphertext.
The initial value of the cipher's internal state is determined
by the VMPC Key Scheduling Algorithm described in section 2.
The number of possible values of the cipher's internal state is 256!*256^{2}=2^{1700}.
VMPC Stream Cipher internal state:

P 
: 256byte table storing a permutation of integers {0,1,...,255} 

n, s 
: 8bit integer variables 

L 
: length of message in bytes 

+ 
denotes addition modulo 256 

Table 1. VMPC Stream Cipher algorithm 
repeat steps 14 L times:
1. s = P[ s + P[n] ]
2. output = P[P[P[s]]+1]
3. swap P[n] with P[s]
4. n = n + 1



2. VMPC Key Scheduling Algorithm
The VMPC Key Scheduling Algorithm transforms a cryptographic
key and an Initialization Vector into the cipher's internal state.
The VMPCKSA algorithm comes in two variants:
 Basic VMPCKSA as published at the FSE 2004 conference
 Later developed VMPCKSA3 (about 1/3 slower but offering an additiona layer of security)
Table 2 presents both the basic VMPCKSA algorithm and the VMPCKSA3.
The only difference between them is one additional mixing round in the VMPCKSA3 (step 3 in Table 2).
Other than that the algorithms are identical.
The VMPCKSA3 variant was developed in further research after the FSE 2004 conference.
See the security analysis of the VMPCKSA3 algorithm.
Both algorithms (Basic VMPCKSA and VMPCKSA3) are be recommended for use.
The development of VMPCKSA3 was not implied by any weaknesses of the
basic VMPCKSA algorithm. Instead VMPCKSA3
was developed to provide an additional layer of security
to reduce (to some extent) the security loss in the event of a hypothetical successful internalstaterecovery attack.
This comes at the cost of about 1/3 lower efficiency of the KSA
resulting from reinputting the secret key to the KSA (step 3). Other than that
the algorithms are the same (the round functions of VMPCKSA and VMPCKSA3 are identical).
The choice between VMPCKSA and VMPCKSA3 is an individual decision.
Whenever the lower efficiency of VMPCKSA3 is acceptable, VMPCKSA3 is a better choice.
At the same time the more efficiencydemanding applications can comfortably
employ the basic VMPCKSA without any security worries.
Notation as in section 1, with:

n, s 


k 
: length of the cryptographic key in bytes; k ∈ {16,17,...,64} 

K 
: kbyte table storing the cryptographic key 

v 
: length of the Initialization Vector in bytes; v ∈ {16,17,...,64} 

V 
: vbyte table storing the Initialization Vector 

i 
: temporary integer variable 

+ 
denotes addition modulo 256 

Table 2. VMPC Key Scheduling Algorithm (VMPCKSA / VMPCKSA3) 
0. s = 0; P[i] = i for i ∈ {0,1,...,255}

Basic VMPCKSA variant:
1. KSARound(K, k)
2. KSARound(V, v)

VMPCKSA3 variant:
1. KSARound(K, k)
2. KSARound(V, v)
3. KSARound(K, k)

Function KSARound(M, m) definition:
4. n = i = 0
5. repeat steps 69 768 times:
6. s = P[ s + P[n] + M[i] ]
7. swap P[n] with P[s]
8. i = (i + 1) mod m
9. n = n + 1



For more information on the VMPCKSA3 variant see security analysis of the VMPCKSA3 algorithm

3. Test output of the VMPC Stream Cipher using the basic VMPCKSA
16 bytes of a 102.400byte datastream generated by the VMPC Stream Cipher
for a given key and a given Initialization Vector are shown in Table 3.
The internal state of the cipher is initialized with the basic VMPCKSA algorithm.
Table 3. Example datastream generated by the VMPC Stream Cipher with VMPCKSA
Key (hex) 
96, 61, 41, 0A, B7, 97, D8, A9, EB, 76, 7C, 21, 17, 2D, F6, C7 
Initialization Vector (hex) 
4B, 5C, 2F, 00, 3E, 67, F3, 95, 57, A8, D2, 6F, 3D, A2, B1, 55 
Outputbyte number (dec) 
0 
1 
2 
3 
252 
253 
254 
255 
Outputbyte value (hex) 
A8 
24 
79 
F5 
B8 
FC 
66 
A4 
Outputbyte number (dec) 
1020 
1021 
1022 
1023 
102396 
102397 
102398 
102399 
Outputbyte value (hex) 
E0 
56 
40 
A5 
81 
CA 
49 
9A 


4. Test output of the VMPC Stream Cipher using the VMPCKSA3 algorithm
16 bytes of a 102.400byte datastream generated by the VMPC Stream Cipher
for a given key and a given Initialization Vector are shown in Table 4.
The internal state of the cipher is initialized with the VMPCKSA3 algorithm.
Table 3. Example datastream generated by the VMPC Stream Cipher with VMPCKSA3
Key (hex) 
96, 61, 41, 0A, B7, 97, D8, A9, EB, 76, 7C, 21, 17, 2D, F6, C7 
Initialization Vector (hex) 
4B, 5C, 2F, 00, 3E, 67, F3, 95, 57, A8, D2, 6F, 3D, A2, B1, 55 
Outputbyte number (dec) 
0 
1 
2 
3 
252 
253 
254 
255 
Outputbyte value (hex) 
B6 
EB 
AE 
FE 
48 
17 
24 
73 
Outputbyte number (dec) 
1020 
1021 
1022 
1023 
102396 
102397 
102398 
102399 
Outputbyte value (hex) 
1D 
AE 
C3 
5A 
1D 
A7 
E1 
DC 

For the VMPCKSA3 key Scheduling Algorithm for the VMPC Stream Cipher,
see VMPCKSA3 specification.
For a scheme of authenticated encryption based on
the VMPC Stream Cipher, see the VMPCMAC specification.
For further analysis of the algorithms, see the Research section.

Home 
VMPC Function 
VMPCR CSPRNG 
VMPC Stream Cipher 
VMPCMAC scheme 
VMPC KSA3 algorithm 
Research 
Inverting Challenge
P vs NP Project 
VMPCrypt Application 
Permutu Game 
Publications 
About Author 
Contact



Copyright © 19992019 by Bartosz Zoltak

