Safekipedia

Stream cipher

Adapted from Wikipedia

A Lorenz Cipher Machine, an historic encryption device used during World War II, now on display in a museum.

A stream cipher is a special way to keep messages secret using a secret key. It works by mixing each part of the message, called plaintext, with a changing series of numbers, known as the keystream. This mixing happens one part at a time, using a process called exclusive-or, or XOR for short.

The keystream is made to look random, starting from a seed value that acts like the secret key. This seed helps create the series of numbers needed to hide the message. Stream ciphers are different from another way of hiding messages called block ciphers, which work on bigger chunks of data all at once.

Stream ciphers are often faster and simpler to use than block ciphers, especially in devices with limited power. However, they can sometimes be broken if the same starting point, or seed, is used more than once, which can let someone uncover the hidden message.

Loose inspiration from the one-time pad

Stream ciphers are inspired by a special and very strong way of hiding messages called the one-time pad (OTP). The one-time pad uses a keystream made of random numbers that are mixed with the message to hide it. This method was shown to be safe by Claude E. Shannon in 1949. However, it is hard to use because the random numbers need to be as long as the message and can only be used once.

Stream ciphers use a smaller key, like 128 bits, to create a pattern of numbers that looks random. This pattern is mixed with the message, similar to the one-time pad. However, because the pattern is not truly random, the one-time pad's proof of safety no longer applies, and a poorly designed stream cipher can be easy to break.

Types

A stream cipher creates a series of secret numbers, called a keystream, to hide messages. The keystream changes based on an internal setup, called the state. There are two main types of stream ciphers.

Lorenz SZ cipher machine as used by the German military during World War II

In a synchronous stream cipher, the keystream is made separately from the message. The keystream is then mixed with the message to hide it. If small mistakes happen during sending, only that small part of the message might be affected.

In a self-synchronizing stream cipher, the keystream is partly based on earlier parts of the hidden message. This helps the receiver get back in step more easily when parts of the message are lost or added during sending.

Based on linear-feedback shift registers

Binary stream ciphers often use linear-feedback shift registers (LFSRs) because they are easy to build and study. However, using LFSRs alone does not keep information safe. Different methods have been created to make LFSRs more secure.

One way to make LFSRs safer is to run several LFSRs (say n of them) in parallel and combine their outputs using a special math rule called a Boolean function (F) with n inputs. This helps remove patterns that could be used to break the cipher, and a well-chosen function avoids correlation attacks.

Another method changes how often the LFSRs update. Instead of updating at regular times, one LFSR decides when another updates. Examples include the alternating step generator and the shrinking generator. The alternating step generator uses three LFSRs where one decides which of the other two to use each time. The shrinking generator uses two LFSRs, only sharing a bit when a certain condition is met.

A third method uses a special rule to change the output of a single LFSR, making it harder to predict.
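
Added example (not part of the original article): a small Python sketch showing why a lone LFSR gives away its secret, and how the shrinking generator described above is wired. The 16-bit register, tap positions and seeds are constructed for this demo; the sketch only shows that the simple read-out trick stops working, not that the shrinking generator is secure.

```python
from itertools import islice

TAPS, NBITS = (0, 2, 3, 5), 16   # toy 16-bit register; demo parameters

def lfsr(seed):
    """Fibonacci LFSR: output the low bit, then shift in the XOR of the tap bits."""
    state = seed
    while True:
        yield state & 1
        fb = 0
        for t in TAPS:
            fb ^= (state >> t) & 1
        state = (state >> 1) | (fb << (NBITS - 1))

def take(gen, n):
    return list(islice(gen, n))

def recover_state(bits):
    """The first NBITS outputs of a lone LFSR are simply its state bits."""
    return sum(b << i for i, b in enumerate(bits[:NBITS]))

def shrinking(a_seed, s_seed):
    """Shrinking generator: keep S's bit only when A's bit is 1."""
    for a_bit, s_bit in zip(lfsr(a_seed), lfsr(s_seed)):
        if a_bit:
            yield s_bit

A_SEED, S_SEED = 0xACE2, 0xBEE5   # constructed seeds (the secret "key")

def demo():
    # Lone LFSR: 16 observed keystream bits reveal the seed and every later bit.
    observed = take(lfsr(S_SEED), NBITS)
    guess = recover_state(observed)
    predicted = take(lfsr(guess), 64)
    actual = take(lfsr(S_SEED), 64)
    # Shrinking generator: the same read-out no longer yields S's seed.
    shrunk = take(shrinking(A_SEED, S_SEED), NBITS)
    return guess == S_SEED, predicted == actual, recover_state(shrunk) == S_SEED

if __name__ == "__main__":
    print(demo())
```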

Other designs

Instead of using a simple, straight-line (linear) rule to update the numbers, some designs use a more complex, nonlinear rule. For example, Klimov and Shamir suggested using triangular functions (called T-functions) that work with numbers made of n bits.

Security

For a stream cipher to stay safe, its key sequence needs to be very long and hard to guess. Experts want the sequence to look completely random, without any patterns that could help someone break the code. This needs to be true for every possible key, even if attackers know some of the secret message or the coded message.

Using a safe stream cipher correctly means never reusing the same key sequence twice. This usually means using a new starting number or key each time you encode a message. It's important to remember that while stream ciphers keep messages private, they don't always check if messages have been changed during sending.
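
Added example (not part of the original article): what goes wrong when a keystream is reused, and why encryption alone does not notice a changed message. The keystream function is a toy stand-in built from SHA-256, and the key, nonces and messages are constructed for the demo.

```python
import hashlib

def keystream(key, nonce, length):
    """Toy keystream generator (illustration only): SHA-256 over key, nonce, counter."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def crypt(key, nonce, data):
    """Encrypt or decrypt: XOR with the keystream undoes itself."""
    return xor(data, keystream(key, nonce, len(data)))

# Constructed sample values.
KEY = b"constructed-demo-key"
P1 = b"meet at the north gate"
P2 = b"send five more radios!"

def reused_keystream():
    """Same key and nonce twice: the keystream cancels out of c1 XOR c2."""
    c1 = crypt(KEY, b"nonce-1", P1)
    c2 = crypt(KEY, b"nonce-1", P2)
    return xor(xor(c1, c2), P1)     # anyone who knows P1 can now read P2

def fresh_nonce():
    """New nonce per message: the same calculation yields only noise."""
    c1 = crypt(KEY, b"nonce-1", P1)
    c2 = crypt(KEY, b"nonce-2", P2)
    return xor(xor(c1, c2), P1)

def undetected_change():
    """No integrity check: flipped ciphertext bits flip the same plaintext bits."""
    c1 = crypt(KEY, b"nonce-1", P1)
    flip = xor(P1, b"meet at the south gate")
    return crypt(KEY, b"nonce-1", xor(c1, flip))

if __name__ == "__main__":
    print(reused_keystream(), fresh_nonce(), undetected_change())
```

The third function decrypts without any error even though the message was altered, which is why stream ciphers are paired with a separate integrity check.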

Short key sequences can be a real problem. For example, some older methods can repeat their sequences too quickly, making them easier to break. Some uses of a cipher called RC4 have been found to have weak points, so new systems should avoid RC4 or make sure every key is unique and unrelated, using strong random number generators or special encoding methods.

Stream ciphers are often easier to understand than other encoding methods, which makes it less likely they have hidden weaknesses.

Usage

Stream ciphers are often chosen because they work quickly and are easy to build, especially in devices. They are great for things like secure wireless connections where the amount of data isn’t known ahead of time. Unlike block ciphers, stream ciphers don’t need extra data added to make everything fit neatly, which makes them simpler to use.

In military uses, the secret part of the cipher can be made in a safe, secure place and then used in other devices, like radios, which only need to combine the data. This lets the radio be used in less protected places.

ChaCha is now one of the most common stream ciphers used in software. Others include: RC4, A5/1, A5/2, FISH, Helix, ISAAC, MUGI, Panama, Phelix, Pike, Salsa20, SEAL, SOBER, SOBER-128, and WAKE.

Some stream ciphers come from specific countries or are required by standards. For example, ZUC comes from China, SNOW / SNOW 3G from Sweden (used in mobile networks), and A5/1 and A5/2 were made for mobile phones. The eSTREAM project also included ciphers from different countries, such as Grain from Sweden, Trivium from Belgium, and Rabbit from Denmark.


This article is a child-friendly adaptation of the Wikipedia article on Stream cipher, available under CC BY-SA 4.0.

Images from Wikimedia Commons.