Stream cipher

The pseudorandom keystream is typically generated serially from a random seed value using digital shift registers.

Based on this key, it generates a pseudorandom keystream which can be combined with the plaintext digits in a similar fashion to the one-time pad.

A stream cipher generates successive elements of the keystream based on an internal state.

By contrast, self-synchronising stream ciphers update their state based on previous plaintext or ciphertext digits.

In the most common form, binary digits are used (bits), and the keystream is combined with the plaintext using the exclusive or operation (XOR).

The idea of self-synchronization was patented in 1946 and has the advantage that the receiver will automatically synchronise with the keystream generator after receiving N ciphertext digits, making it easier to recover if digits are dropped or added to the message stream.
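The following is an added illustration of the self-synchronising behaviour described above; it is not from the article and is not a published cipher. Every keystream byte is derived from the key and the previous N ciphertext bytes (a ciphertext-autokey construction); the value N = 4, the key and IV, and the use of SHA-256 as the keyed feedback function are all assumptions made for the example. The helper drops one ciphertext byte in transit and checks that the receiver is back in step after N further digits.

```python
import hashlib

# Constructed example of a self-synchronising (ciphertext-autokey) stream
# cipher. N, the key, the IV and SHA-256 as the feedback function are
# assumptions for this illustration, not a real design.
N = 4  # each keystream byte depends on the previous N ciphertext bytes


def _keystream_byte(key: bytes, prev_ct: bytes) -> int:
    # Keyed function of the last N ciphertext bytes (SHA-256 stands in for a
    # real cipher's feedback function).
    return hashlib.sha256(key + prev_ct).digest()[0]


def encrypt(key: bytes, plaintext: bytes, iv: bytes) -> bytes:
    assert len(iv) == N
    window = bytearray(iv)  # last N ciphertext bytes, seeded with the IV
    out = bytearray()
    for p in plaintext:
        c = p ^ _keystream_byte(key, bytes(window))
        out.append(c)
        window = window[1:] + bytes([c])
    return bytes(out)


def decrypt(key: bytes, ciphertext: bytes, iv: bytes) -> bytes:
    assert len(iv) == N
    window = bytearray(iv)
    out = bytearray()
    for c in ciphertext:
        out.append(c ^ _keystream_byte(key, bytes(window)))
        window = window[1:] + bytes([c])  # feedback uses ciphertext, not plaintext
    return bytes(out)


def recovery_after_drop(key: bytes, plaintext: bytes, iv: bytes, k: int):
    """Drop ciphertext byte k in transit and decrypt what arrives.

    Returns (prefix_ok, garbled, suffix_ok): bytes before k decrypt correctly,
    the next N received bytes are garbage, and from received position k+N on
    the receiver is back in step (received byte i decrypts to plaintext i+1).
    """
    ct = encrypt(key, plaintext, iv)
    received = ct[:k] + ct[k + 1:]          # one digit lost on the channel
    pt = decrypt(key, received, iv)
    prefix_ok = pt[:k] == plaintext[:k]
    garbled = pt[k:k + N]
    suffix_ok = pt[k + N:] == plaintext[k + N + 1:]
    return prefix_ok, garbled, suffix_ok


if __name__ == "__main__":
    key, iv = b"example-key", b"\x00\x01\x02\x03"  # constructed values
    msg = b"self-synchronising ciphers resynchronise after N digits"
    print(recovery_after_drop(key, msg, iv, k=10))
```

The cost of this property is the flip side of the same mechanism: a single corrupted or injected ciphertext digit also garbles the next N plaintext digits on the receiving side, which is why such ciphers are paired with integrity checks in practice.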

Binary stream ciphers are often constructed using linear-feedback shift registers (LFSRs) because they can be easily implemented in hardware and can be readily analysed mathematically.
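As an added worked example (not code from the article), the block below implements a 16-bit Fibonacci LFSR with the primitive feedback polynomial x^16 + x^14 + x^13 + x^11 + 1, turns its output bits into a keystream, and XORs that keystream with plaintext as the text describes. The seed value 0xACE1 and the sample message are constructed for the example; the period check confirms the maximal period of 2^16 - 1 states.

```python
class LFSR16:
    """16-bit Fibonacci LFSR, feedback polynomial x^16 + x^14 + x^13 + x^11 + 1.

    The polynomial is primitive, so any non-zero seed cycles through all
    2^16 - 1 non-zero states before repeating. Seed 0 is rejected: it would
    output zeros forever.
    """

    def __init__(self, seed: int):
        if not 0 < seed < (1 << 16):
            raise ValueError("seed must be a non-zero 16-bit value")
        self.state = seed

    def step(self) -> int:
        s = self.state
        out = s & 1                                    # output bit is the low bit
        fb = (s ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1  # taps at bits 0, 2, 3, 5
        self.state = (s >> 1) | (fb << 15)             # shift right, feed back on top
        return out

    def keystream(self, nbytes: int) -> bytes:
        out = bytearray()
        for _ in range(nbytes):
            b = 0
            for _ in range(8):
                b = (b << 1) | self.step()
            out.append(b)
        return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(seed: int, plaintext: bytes) -> bytes:
    # Encryption and decryption are the same operation: XOR with the keystream.
    return xor_bytes(plaintext, LFSR16(seed).keystream(len(plaintext)))


decrypt = encrypt


def period(seed: int) -> int:
    """Number of steps until the register returns to its seed state."""
    reg = LFSR16(seed)
    n = 0
    while True:
        reg.step()
        n += 1
        if reg.state == seed:
            return n


if __name__ == "__main__":
    seed = 0xACE1                                  # constructed seed
    msg = b"attack at dawn"                        # constructed plaintext
    ct = encrypt(seed, msg)
    print(ct.hex(), decrypt(seed, ct))
    print("period:", period(seed))                 # 65535
```

A raw LFSR is easy to analyse mathematically in the unfavourable sense too: the output is a linear function of the seed, and the Berlekamp–Massey algorithm recovers a length-n register from 2n consecutive output bits. That is why practical designs pass one or more registers through a non-linear combining or filtering function rather than using the register output directly as the keystream.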

Various properties of such a combining function are critical for ensuring the security of the resultant scheme, for example, in order to avoid correlation attacks.

For example, Klimov and Shamir proposed triangular functions (T-functions) with a single cycle on n-bit words.
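The single-cycle property can be checked directly on small word sizes. The block below is an added example, not code from the article or from Klimov and Shamir: it implements their well-known T-function x -> x + (x^2 OR C) mod 2^n, counts the length of the cycle through 0, and emits the most significant bit of each state as keystream. The constant C = 5 is the one from their paper; the comparison with C = 1 (which does not give a single cycle) is included to show what the check detects.

```python
def t_step(x: int, n: int, c: int = 5) -> int:
    """One step of the Klimov-Shamir T-function x -> x + (x^2 OR c) mod 2^n."""
    mask = (1 << n) - 1
    return (x + ((x * x) | c)) & mask


def cycle_length(n: int, c: int = 5, start: int = 0) -> int:
    """Length of the cycle containing `start` under t_step on n-bit words."""
    x = t_step(start, n, c)
    length = 1
    while x != start:
        x = t_step(x, n, c)
        length += 1
    return length


def is_single_cycle(n: int, c: int = 5) -> bool:
    # A single cycle means the orbit of 0 visits every one of the 2^n words.
    return cycle_length(n, c) == (1 << n)


def keystream_bits(n: int, nbits: int, seed: int = 0, c: int = 5) -> list:
    """Emit the most significant bit of each successive state.

    In a T-function, bit i of the output depends only on bits 0..i of the
    input, so the low bits of the state have short periods (bit 0 alternates
    every step). Only the top bit inherits the full 2^n period, so that is the
    bit used as keystream.
    """
    x = seed
    bits = []
    for _ in range(nbits):
        x = t_step(x, n, c)
        bits.append(x >> (n - 1))
    return bits


if __name__ == "__main__":
    for n in (3, 8, 16):
        print(n, "bits: single cycle with C=5?", is_single_cycle(n, 5))
    print("3 bits, C=1: cycle through 0 has length", cycle_length(3, c=1))
    print(keystream_bits(8, 16))
```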

Cryptographers also demand that the keystream be free of even subtle biases that would let attackers distinguish a stream from random noise, and free of detectable relationships between keystreams that correspond to related keys or related cryptographic nonces.

Application designers must also recognize that most stream ciphers provide not authenticity but privacy: encrypted messages may still have been modified in transit.
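The following added example (not from the article) makes the malleability concrete and shows the standard remedy. A counter-style keystream built from SHA-256 stands in for a real stream cipher, and the key, nonce and message are constructed values. Flipping one ciphertext byte flips exactly the same bits of the recovered plaintext, and plain decryption cannot notice; appending an HMAC tag over the ciphertext (encrypt-then-MAC) lets the receiver reject the modified message before any plaintext is released.

```python
import hashlib
import hmac

# Constructed example: a SHA-256 counter keystream stands in for a real stream
# cipher; keys, nonce and message are made up for the illustration.


def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt


def flip_byte(ciphertext: bytes, index: int, delta: int) -> bytes:
    # An in-transit modification: XOR one ciphertext byte with delta. Because
    # the cipher is XOR with a keystream, the same delta lands on the plaintext.
    ct = bytearray(ciphertext)
    ct[index] ^= delta
    return bytes(ct)


def encrypt_then_mac(key_enc: bytes, key_mac: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    ct = encrypt(key_enc, nonce, plaintext)
    tag = hmac.new(key_mac, nonce + ct, hashlib.sha256).digest()
    return ct + tag


def verify_and_decrypt(key_enc: bytes, key_mac: bytes, nonce: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key_mac, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # reject; never release plaintext from a modified message
    return decrypt(key_enc, nonce, ct)


if __name__ == "__main__":
    k_enc, k_mac, nonce = b"enc-key", b"mac-key", b"nonce-01"
    msg = b"transfer 100 to account 7"
    ct = encrypt(k_enc, nonce, msg)
    # Byte 9 is the '1' of "100"; 0x31 ^ 0x08 == 0x39 == '9'.
    print(decrypt(k_enc, nonce, flip_byte(ct, 9, 0x08)))   # privacy only: accepted
    blob = encrypt_then_mac(k_enc, k_mac, nonce, msg)
    print(verify_and_decrypt(k_enc, k_mac, nonce, flip_byte(blob, 9, 0x08)))  # None
```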

For example, 64-bit block ciphers like DES can be used to generate a keystream in output feedback (OFB) mode.

For example, if encryption is being performed at a rate of 8 megabytes per second, a stream of period 2^32 blocks will repeat after about an hour.

Some applications using the stream cipher RC4 are attackable because of weaknesses in RC4's key setup routine; new applications should either avoid RC4 or make sure all keys are unique and ideally unrelated (such as generated by a well-seeded CSPRNG or a cryptographic hash function) and that the first bytes of the keystream are discarded.
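The block below is an added example, not code from the article, showing the two precautions named above on a textbook RC4 implementation: per-message keys derived by hashing a master key with a unique nonce (so keys are unique and unrelated) and discarding the first keystream bytes. It also shows why unique keys matter for any stream cipher: when two messages share a keystream, XORing the two ciphertexts cancels the keystream and exposes the XOR of the plaintexts. The master key, nonces and messages are constructed values; the "Key"/"Plaintext" pair is the published RC4 test vector.

```python
import hashlib


def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Textbook RC4: key scheduling (KSA) followed by output generation (PRGA).

    `drop` discards that many initial keystream bytes, the mitigation the
    article mentions for the weak first output bytes.
    """
    S = list(range(256))
    j = 0
    for i in range(256):                          # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(drop + n):                     # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out[drop:])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4_encrypt(key: bytes, plaintext: bytes, drop: int = 0) -> bytes:
    return xor_bytes(plaintext, rc4_keystream(key, len(plaintext), drop))


def derive_message_key(master_key: bytes, nonce: bytes) -> bytes:
    # Per-message key: hashing the master key together with a unique nonce gives
    # keys that are unique and unrelated, unlike simply appending a nonce to a
    # shared key, which yields related keys. (Constructed helper for this example.)
    return hashlib.sha256(master_key + nonce).digest()


def keystream_reuse_leaks(key1: bytes, key2: bytes, p1: bytes, p2: bytes) -> bool:
    # If both messages used the same keystream, c1 XOR c2 == p1 XOR p2: the
    # keystream cancels and the relation between the plaintexts is exposed
    # without any knowledge of the key.
    c1 = rc4_encrypt(key1, p1)
    c2 = rc4_encrypt(key2, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    print(rc4_encrypt(b"Key", b"Plaintext").hex())            # bbf316e8d940af0ad3
    master = b"constructed-master-key"
    p1, p2 = b"first message body", b"second message no."
    print("same key leaks:", keystream_reuse_leaks(master, master, p1, p2))
    k1 = derive_message_key(master, b"nonce-0001")
    k2 = derive_message_key(master, b"nonce-0002")
    print("derived keys leak:", keystream_reuse_leaks(k1, k2, p1, p2))
    print(rc4_keystream(k1, 8, drop=3072).hex())              # RC4-drop(3072) style
```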

Stream ciphers are often used for their speed and simplicity of implementation in hardware, and in applications where plaintext comes in quantities of unknowable length like a secure wireless connection.

For example, if a 128-bit block cipher received separate 32-bit bursts of plaintext, three quarters of the data transmitted would be padding.

Block ciphers must be used in ciphertext stealing or residual block termination mode to avoid padding, while stream ciphers eliminate this issue by naturally operating on the smallest unit that can be transmitted (usually bytes).

Another advantage of stream ciphers in military cryptography is that the cipher stream can be generated in a separate box that is subject to strict security measures and fed to other devices such as a radio set, which will perform the XOR operation as part of their function.

The operation of the keystream generator in A5/1, an LFSR-based stream cipher used to encrypt mobile phone conversations.
Lorenz SZ cipher machine as used by the German military during World War II
One approach is to use n LFSRs in parallel, their outputs combined using an n-input binary Boolean function (F).
RC4 is one of the most widely used stream cipher designs.