In cryptography, a stream cipher is a cipher in which the input data are encrypted one bit (sometimes one byte) at a time. They are sometimes called state ciphers since the encryption of a bit is dependent on the current state; NSA documents sometimes use the term "combiner-type algorithms", referring to algorithms that use some function to combine a pseudorandom number generator (PRNG) with a plaintext stream. Stream ciphers represent a line of cipher development different from block ciphers, although there are mathematical transformations that convert stream ciphers into block ciphers and vice versa. Stream ciphers typically execute at a higher speed than block ciphers, but are subject to serious security problems if not used properly (see stream cipher attacks). In particular, the same cipher key must never be used twice.
Perhaps the most common type - the synchronous stream cipher - consists of a PRNG and an XOR gate. The PRNG is initialized with a key and outputs a sequence of bits known as a keystream, which is entirely independent of the plaintext and ciphertext. Encryption consists of XORing the plaintext bits with the corresponding bits of the keystream; decryption consists of XORing the ciphertext bits with the corresponding keystream bits. This means that a single bit of ciphertext error results in a single bit of plaintext error; this property is useful when the transmission error rate is high. However, a stream cipher is susceptible to bit-fiddling attacks — toggling a ciphertext bit toggles the corresponding plaintext bit, and nothing in the cipher itself detects the change.
Some ciphers, called self-synchronizing stream ciphers, use several previous ciphertext bits to compute the keystream. A single-bit error then turns into a long burst of garble, but the cipher will eventually recover from a lost bit after the erroneous bit falls off the shift register. Keystream generators are often constructed using linear feedback shift registers, though such ciphers can be insecure.
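The synchronous construction from the preceding paragraphs, as an added example that is not part of the original article: a toy cipher whose keystream PRNG is a 16-bit Fibonacci LFSR (taps 16, 14, 13, 11, a constructed choice). It shows the XOR round trip, that a single-bit ciphertext error reaches the plaintext as exactly one bit, and why the same key must never be used twice. The LFSR is only a stand-in for the PRNG and is far too weak for real use.

```python
from typing import Iterator


def lfsr_keystream(key: int) -> Iterator[int]:
    """Yield keystream bytes; the key seeds the LFSR state (never all-zero)."""
    state = (key & 0xFFFF) or 1
    while True:
        byte = 0
        for _ in range(8):
            # feedback for the polynomial x^16 + x^14 + x^13 + x^11 + 1
            fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
            byte = (byte << 1) | (state & 1)  # emit the bit being shifted out
            state = (state >> 1) | (fb << 15)
        yield byte


def crypt(key: int, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR each byte with the next keystream byte."""
    ks = lfsr_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def bit_difference(a: bytes, b: bytes) -> int:
    """Number of bit positions in which a and b differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def flip_bit(data: bytes, index: int) -> bytes:
    """Return data with the bit at absolute position index toggled."""
    out = bytearray(data)
    out[index // 8] ^= 0x80 >> (index % 8)
    return bytes(out)


def error_propagation(key: int, plaintext: bytes, index: int) -> int:
    """A one-bit ciphertext error (line noise or tampering) decrypts to
    exactly one flipped plaintext bit at the same position, nothing more."""
    damaged = flip_bit(crypt(key, plaintext), index)
    return bit_difference(crypt(key, damaged), plaintext)


def keystream_reuse_leak(key: int, p1: bytes, p2: bytes) -> bool:
    """Two messages under one key: XOR of the ciphertexts equals XOR of the
    plaintexts, because the shared keystream cancels out. This is why a
    key (and thus a keystream) must never be used twice."""
    c1, c2 = crypt(key, p1), crypt(key, p2)
    return bytes(x ^ y for x, y in zip(c1, c2)) == bytes(x ^ y for x, y in zip(p1, p2))
```

Because the error-propagation and reuse properties follow from XOR alone, the same checks hold for any synchronous stream cipher, not just this LFSR toy.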
Stream ciphers are used in applications where plaintext comes in quantities of unknowable length - for example, a secure wireless connection. If a block cipher were to be used in this type of application, considerable bandwidth would end up being wasted by padding, since block ciphers cannot work on blocks shorter than their block size. For example, if a 64-bit block cipher received separate 32-bit bursts of plaintext, half of the data transmitted would be padding. Stream ciphers eliminate this by operating on the smallest unit that can be transmitted (usually bytes).
Another advantage of stream ciphers in military cryptography is that the cipher stream can be generated in a separate box that is subject to strict security measures and fed to other devices, e.g. a radio set, which performs the XOR operation as part of its normal function. The latter device can then be designed and used in less stringent environments.
A well-known stream cipher is RC4; others include:
A5/1,
A5/2,
Chameleon,
FISH,
Helix,
ISAAC,
Panama,
Pike,
SEAL,
SOBER,
SOBER-128 and
WAKE.