1<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> 2<!--========================================================================== 3 Copyright 2006 Nintendo. All rights reserved. 4 5 These coded instructions, statements, and computer programs contain 6 proprietary information of Nintendo of America Inc. and/or Nintendo 7 Company Ltd., and are protected by Federal copyright law. They may 8 not be disclosed to third parties or copied or duplicated in any form, 9 in whole or in part, without the prior written consent of Nintendo. 10 ==========================================================================--> 11<HTML> 12<HEAD> 13 <META http-equiv="Content-Type" content="text/html; charset=windows-1252"> 14 <META name="GENERATOR" content="IBM WebSphere Studio Homepage Builder Version 7.0.0.0 for Windows"> 15 <META http-equiv="Content-Style-Type" content="text/css"> 16 <TITLE>Encryption Using the RC4 Algorithm: Overview</TITLE> 17 <LINK rel="stylesheet" href="../../css/nitro.css" type="text/css"> 18</HEAD> 19<BODY> 20<H1 align="left">Encryption Using the RC4 Algorithm: Overview</H1> 21<H2>Description</H2> 22<H3>Purpose and Restrictions</H3> 23<P> 24 An encryption function that uses the RC4 algorithm was prepared so you can perform encryption easily with a low impact on the system load. Use this function when you do not want dynamically generated game data to be sent over the network unencrypted or when you do not want to save data to backup memory unencrypted. 25</P> 26<P> 27 However, because shared key encryption is used with RC4, the key data used for both encryption and decryption must be stored in the software. Therefore, the key may be discovered by analyzing the ROM binary, which could threaten encryption. <span style="color: red;">Do not use this function alone for encrypting highly sensitive data or for verifying the author of data.</span> 28</P> 29<P> 30 If you need to authenticate the data author, use the <CODE><A href="../sign/CRYPTO_VerifySignature.html">CRYPTO_VerifySignature</A></CODE> function to verify the digital signature.<! Be sure to use SSL communications (enabled using SOC_EnableSsl) for safely communicating with the server using the TWL WiFi library. > 31</P> 32<H3>Features of the RC4 Algorithm</H3> 33<P> 34 The RC4 algorithm has the following features. 35</P> 36<ul> 37 <li>Public key encryption.</li> 38 <li>Stream encryption.</li> 39 <li>High-speed encryption/decryption.</li> 40 <li>An efficient analysis technique has not been announced.</li> 41</ul> 42<P> 43 Using stream encryption is simple because the number of input bytes matches the number of output bytes. However, it may not remain robust if certain precautions are not followed. Be sure to note the precautions described below. 44</P> 45<H3>Principle of Operation of the RC4 Algorithm</H3> 46<P> 47 The RC4 algorithm works by creating a uniquely defined random number string from the key, then XOR-ing the original data with the random number string. As a result, the same key always generates the same encryption random number string. This is described as follows: 48</P> 49<ol> 50 <li>The same encrypted data is always generated from the same key and the same data. In other words, it is possible to tell whether one encrypted text has the same source data as another encrypted text. (Dictionary Attack)</li> 51 <li>When two sets of data generated using the same encryption key are XOR-ed, it is possible to obtain the result of XOR-ing the original plain text data. (This is one type of differential attack.)</li> 52 <li>It is possible to reverse a bit of data after decryption by reversing one bit of data anywhere in the encrypted text. (Bit inversion attack)</li> 53</ol> 54<P> 55 To foil dictionary attacks and differential attacks, a unique initialization vector (IV) is created each time and added to the public key to create a real key for the RC4 algorithm to use. When the encrypted data is sent, the unencrypted IV must also be sent. For example, out of the 128 bits passed as a key to the RC4 function, 96 are handled as the true private key. The remaining 32 bits are the initialization vector, and are filled with a different number each time. 56</P> 57<P> 58 To avoid bit inversion attacks, a message digest value such as MD5 or SHA-1 is attached to any sent data. Because an attacker does not know the original data, the correct message digest value cannot be calculated even if the attacker changed any bits. Functions for finding MD5 and SHA-1 are provided in the TWL-SDK. 59</P> 60<P> 61 For more details, refer to any number of general references on encryption available. 62</P> 63<H2>See Also</H2> 64<P><CODE><A href="../list_crypto.html#rc4">List of CRYPTO Functions</A><BR></CODE></P> 65<H2>Revision History</H2> 66<P> 672006/03/07 Initial version.</P> 68<hr><p>CONFIDENTIAL</p></body> 69</HTML> 70