Hacking - The Art of Exploitation, 2nd Edition

Cryptology 441

Since the key is currently unknown, the K array is loaded up with what currently is known, and the S array is filled with sequential values from 0 to 15. Then, j is initialized to 0, and the first three steps of the KSA are done. Remember that all math is done modulo 16.


KSA step one:

i = 0
j = j + S[i] + K[i]
j = 0 + 0 + 3 = 3
Swap S[i] and S[j]
K[] = 3 15 2 X X X X X 3 15 2 X X X X X
S[] = 3 1 2 0 4 5 6 7 8 9 10 11 12 13 14 15


KSA step two:

i = 1
j = j + S[i] + K[i]
j = 3 + 1 + 15 = 3
Swap S[i] and S[j]
K[] = 3 15 2 X X X X X 3 15 2 X X X X X
S[] = 3 0 2 1 4 5 6 7 8 9 10 11 12 13 14 15


KSA step three:

i = 2
j = j + S[i] + K[i]
j = 3 + 2 + 2 = 7
Swap S[i] and S[j]
K[] = 3 15 2 X X X X X 3 15 2 X X X X X
S[] = 3 0 7 1 4 5 6 2 8 9 10 11 12 13 14 15


At this point, j isn’t less than 2, so the process can continue. S[3] is 1, j is 7, and the first byte of keystream output was 9. So the zeroth byte of the key should be 9 − 7 − 1 = 1.


This information can be used to determine the next byte of the key, using IVs in the form of (4, 15, X) and working the KSA through to the fourth step. Using the IV (4, 15, 9), the first byte of keystream is 6.


output = 6
A = 0
IV = 4, 15, 9
Key = 1, 2, 3, 4, 5
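
The arithmetic above, carried through in code as an added example (not code from the book): a toy RC4 with the 16-value state used here, which reproduces the keystream bytes 9 and 6 and then derives key bytes 0 and 1 from the partial KSA. The function names are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#define N 16 /* toy state size from the text; real RC4 uses 256 */

/* Run the first `steps` KSA rounds over seed K (repeated); returns j. */
static int ksa(const int *K, int klen, int steps, int *S) {
    int j = 0;
    for (int i = 0; i < N; i++) S[i] = i;
    for (int i = 0; i < steps; i++) {
        j = (j + S[i] + K[i % klen]) % N;
        int t = S[i]; S[i] = S[j]; S[j] = t;
    }
    return j;
}

/* Build seed = IV || first n key bytes; returns the seed length. */
static int make_seed(int *seed, const int *iv, const int *key, int n) {
    memcpy(seed, iv, 3 * sizeof(int));
    if (n > 0) memcpy(seed + 3, key, n * sizeof(int));
    return 3 + n;
}

/* First keystream byte for the full seed (complete KSA, one PRGA step). */
int first_keystream_byte(const int *iv, const int *key, int keylen) {
    int seed[3 + N], S[N];
    int len = make_seed(seed, iv, key, keylen);
    ksa(seed, len, N, S);
    int i = 1, j = S[1];
    int t = S[i]; S[i] = S[j]; S[j] = t;
    return S[(S[i] + S[j]) % N];
}

/* Guess key byte A from one IV and its first keystream byte, given
 * key bytes 0..A-1. Returns -1 if j < 2 (S[0] or S[1] was disturbed). */
int guess_key_byte(const int *iv, const int *known, int A, int out) {
    int seed[3 + N], S[N];
    int len = make_seed(seed, iv, known, A);
    int j = ksa(seed, len, A + 3, S);
    if (j < 2) return -1;
    return ((out - j - S[A + 3]) % N + N) % N;
}

int main(void) {
    int key[] = {1, 2, 3, 4, 5}, iv0[] = {3, 15, 2}, iv1[] = {4, 15, 9};
    int o0 = first_keystream_byte(iv0, key, 5), o1 = first_keystream_byte(iv1, key, 5);
    printf("IV (3,15,2): output=%d, key[0] guess=%d\n", o0, guess_key_byte(iv0, key, 0, o0));
    printf("IV (4,15,9): output=%d, key[1] guess=%d\n", o1, guess_key_byte(iv1, key, 1, o1));
    return 0;
}
```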
