Stream Cipher
A stream cipher is a symmetric encryption process that encrypts the plaintext message one bit at a time, using a pseudorandom string of cipher digits (the keystream) to encrypt the input plaintext.
- can make a block cipher act as a stream cipher by setting the block size to one bit
- better for:
  - encrypting data of unknown size
  - or data moving in a continuous stream
- faster than block ciphers
- typically use simple operations to encrypt each bit or byte
  - e.g., exclusive-or (XOR ⊕)
    - is true if either input is true, but not both
- inspired by the one-time pad cipher
- a stream cipher converts an encryption key into a keystream
  - a keystream is a continuous bit stream
- using a stream cipher to protect any potentially unlimited-length plaintext requires that the keystream be truly random across its entire use with that plaintext
  - this makes it somewhat impractical to exchange the keystreams and keep them secret
  - instead, special hardware or software keystream generators take a fixed-length key, typically 128 bits, and use it as an input, along with other cryptovariables, to continuously generate the keystream
    - a keystream generator is a function that uses a seed value (the encryption key itself) as input, producing encryption values to be combined with each bit or byte of the input plaintext
- most keystream generators produce pseudorandom keystreams
  - thus, it is possible for them to become insecure with use
- key distribution and management becomes the most important element for preserving security
- can work on any length of input plaintext
- found widespread use in mobile communications systems in which the plaintext input is often of unbounded length and is bursty in nature
  - produced in sets of data of unpredictable size separated by unpredictable short or long periods of no signal on the link
  - these characteristics meant block ciphers were ill-suited
- practical stream ciphers use a fixed-length key to encrypt messages of variable length
- some ciphers can be broken if an attacker possesses enough ciphertexts encrypted with the same key
  - changing the key periodically can increase security

Types of Stream Ciphers
Synchronous
Synchronous ciphers require the sender and receiver to remain in perfect synchronization in order to decrypt the stream.
- if bits are added or dropped from the stream, the decryption will fail from that point on
- receiver needs to be able to detect the loss of synchronization and either:
  - try various offsets to resync
  - or wait for a distinctive marker inserted by the sender to enable the receiver to resync
- a single-character error in the ciphertext will result in only a single-character error in the decrypted plaintext
Self-Synchronizing
Self-synchronizing ciphers have the property that after at most
- advantage in situations in which data can be dropped or added to the ciphertext stream
- suffer from the problem that should a character be corrupted, the error will propagate, affecting up to the next
characters
Usage
- strengths and weaknesses derive from how you use it
- impractical to have a keystream that never repeats
  - may define a key repeat period in bits
    - depending on your operational security needs
- key to operation of stream ciphers is their use of an initialization vector (IV)
  - is used along with the encryption key to start up the keystream generator function in some algorithms
  - RC4 does not use an IV
How It Works
- stream cipher takes a key
of bits in length and stretches it into a long keystream
- keystream is a string of bits used like a one-time pad
- this keystream is then XORed with the plaintext
to produce ciphertext
- same keystream is used to recover
from
- use of keystream is identical to that of the pad in a one-time pad
- operation of a stream cipher:
is the key is the resulting keystream
- Given keystream
, and plaintext
- we generate the ciphertext
by XORing the corresponding bits:
- to decrypt
, the keystream is used again:
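The following is an added example, not code from the original page: it shows a key and IV being stretched into a keystream, XOR used for both encryption and decryption, the leak that results when the same key and IV are used for two messages, and the single-byte error behaviour of a synchronous cipher. The SHA-256 counter construction, the key, the IVs and the messages are assumptions made for illustration; it is a teaching stand-in, not a vetted cipher.

```python
import hashlib

def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Stretch a fixed-length key (plus IV) into `length` keystream bytes.

    Assumption: SHA-256 over key || iv || counter stands in for a real
    keystream generator. Use ChaCha20 or similar in real systems.
    """
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + iv + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    return xor(data, keystream(key, iv, len(data)))

# Constructed sample values (not from the page)
KEY = bytes(range(16))               # 128-bit key
P1 = b"transfer 100 to alice"
P2 = b"meeting moved to 3pm "

def reuse_leaks(iv1: bytes, iv2: bytes) -> bool:
    """True if C1 xor C2 equals P1 xor P2, i.e. the keystream cancelled out."""
    c1, c2 = crypt(KEY, iv1, P1), crypt(KEY, iv2, P2)
    return xor(c1, c2) == xor(P1, P2)

def flipped_byte_damage(position: int) -> list:
    """Corrupt one ciphertext byte; return indexes of wrong plaintext bytes."""
    c = bytearray(crypt(KEY, b"iv-0001", P1))
    c[position] ^= 0x01
    recovered = crypt(KEY, b"iv-0001", bytes(c))
    return [i for i, (a, b) in enumerate(zip(recovered, P1)) if a != b]

if __name__ == "__main__":
    print(crypt(KEY, b"iv-0001", crypt(KEY, b"iv-0001", P1)))
    print("same key+IV leaks P1 xor P2:", reuse_leaks(b"iv-0001", b"iv-0001"))
    print("fresh IV leaks P1 xor P2:   ", reuse_leaks(b"iv-0001", b"iv-0002"))
    print("plaintext bytes damaged by one corrupted byte:", flipped_byte_damage(5))
```

Because a corrupted ciphertext byte changes exactly the matching plaintext byte and nothing else, a stream cipher on its own gives no integrity protection; pair it with a MAC or use an authenticated mode.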
Instances of Stream Ciphers
- A5/1
  - used in GSM cell phones
- A5/2
- Rivest Cipher 4 (RC4)
- Salsa20 & ChaCha20