From Wikipedia, the free encyclopedia

In cryptography, ISAAC is a pseudorandom number generator and a stream cipher designed by Robert Jenkins (1996) to be cryptographically secure. The name is an acronym for Indirection, Shift, Accumulate, Add, and Count.^[1]

The ISAAC algorithm has similarities with RC4. It uses an array of 256 4-byte integers (called mm) as the internal state, writing the results to another 256-integer array, from which they are read one at a time until empty, at which point they are recomputed. The computation consists of altering mm[i] with mm[i^128], two elements of mm found by indirection, an accumulator, and a counter, for all values of i from 0 to 255. Since it only takes about 19 32-bit operations for each 32-bit output word, it is extremely fast on 32-bit computers.

Cryptanalysis has been undertaken by Marina Pudovkina (2001)^[2]. Her attack can recover the initial state with a complexity that is approximated to be less than the time needed for searching through the square root of all possible initial states. In practice this means that the attack needs instead of 10²⁴⁶⁶. This result has had no practical impact on the security of ISAAC. As always with cryptographic primitives, future improvements, or another attack, are possible.

In 2006 Jean-Philippe Aumasson discovered several sets of weak states^[3]. The fourth presented (and smallest) set of weak states leads to a highly biased output for the first round of ISAAC and allows the derivation of the internal state, similar to a weakness in RC4. It is not clear if an attacker can tell from just the output whether the generator is in one of these weak states or not. He also shows that a previous attack^[4] is flawed, since the Paul et al. attack is based on an erroneous algorithm rather than the real ISAAC. An improved version of ISAAC is proposed, called ISAAC+.

• Official ISAAC website