We implemented an RC4 (ARC4) variant for creating a cryptographic stream; the question is: is this sound?
(I'll give an example for the 32-bit variant, though 64-bit/larger is possible.)
The algorithm is as follows:
We have an array of 32-bit integers A and an array of 8-bit numbers B.
Perform a round of RC4 to mix the B array positions.
We then shift the values of B into A, i.e. for i in 0..255, A[i] = (A[i]<<8) | B[i]; we rerun that 4 times so that each integer holds 32 bits of random positions.
We keep A and B; we then pass the B keystream (ARC4) through the A mixer.
Given a 32-bit value "hash":
hash = (hash>>8) ^ A[ arc4(B) ];
Thus the 8-bit ARC4 output is looking up 32-bit values and XORing them with the previous value of hash. We then say the
output= (hash)&0xff;
The output of the stream is then a nonlinear mix of the last 4 values of the ARC4 algorithm.
Question: Would this 'fix' the RC4/ARC4 holes/issues that have been reported?
What is the cryptographic opinion of the community on the soundness of this algorithm?
Many thanks.