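@comment{
  Spritz note by Rivest and Schuldt (2014): an RC4-like stream cipher that is
  also formulated as a sponge-like function.

  Field notes:
  - date is the biblatex date field. The OPT-prefixed year and month fields
    are not standard field names, so bibliography styles ignore them; a
    classic BibTeX style that does not read date will see no year here.
  - urla and urlb are non-standard fields. Their values look like short link
    keys rather than full URLs, presumably resolved by the maintainer's own
    tooling (confirm before relying on them).
  - The abstract uses the cite and proc macros; both must be defined wherever
    the abstract is typeset.

  Security note for readers: the distinguishing bound (about 2^81 bytes) and
  the throughput figure in the abstract are the authors' own 2014 estimates
  from statistical tests. Check later published cryptanalysis of Spritz
  before treating them as current security margins.
}
@misc{RivestSchuldt-2014-Spritz,
  author   = { Rivest, Ronald L. and Schuldt, Jacob C. N. },
  title    = { {Spritz}---A spongy {RC4}-like stream cipher and hash function },
  date     = { 2014-08-19 },
  OPTyear  = { 2014 },
  OPTmonth = { August 19, },
  note     = { Presented at Charles River Crypto Day (2014-10-24). },
  urla     = { crypto-day },
  urlb     = { iacr/eprint/2016/856 },
  abstract = {
This note reconsiders the design of the stream cipher RC4, and
proposes an improved variant, which we call ``Spritz''
(since the output comes in fine drops rather than big
blocks.)
\par
Our work leverages the considerable cryptanalytic work done
on the original RC4 and its proposed variants. It also uses
simulations extensively to search for biases and to guide the
selection of intermediate expressions.
\par
We estimate that Spritz can produce output with about 24 cycles/byte
of computation.
Furthermore, our statistical tests suggest that about $2^{81}$ bytes of output
are needed before one can reasonably distinguish Spritz output from random
output; this is a marked improvement over RC4.
\par
In addition, we formulate Spritz as a ``sponge (or sponge-like)
function,''\cite{BertoniDaPeVA11sponge}, which can \proc{Absorb} new
data at any time, and from which one can \proc{Squeeze} pseudorandom
output sequences of arbitrary length. Spritz can thus be easily
adapted for use as a cryptographic hash function, an encryption
algorithm, or a message-authentication code generator. (However, in
hash-function mode, Spritz is rather slow.)
},
}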