A Stream Cipher is a type of encryption algorithm that operates on individual elements in a data stream, such as a character or a binary digit. They are less complex to implement in hardware, and are suited for areas that have little to no buffering, such as telecommunications. There is not a lot of literature about these ciphers; most designs are proprietary.

They can be either synchronous or self-synchrononizing.



Source: The Handbook of Applied Cryptography, Alfred J. Menezes, Paul C. van Oorschot, and Scott A Vanstone
ISBN: 0849385237

A stream cipher is basically any cipher whereby elements are dependent upon previous elements for decryption. The problem with a traditional stream cipher is that each element in the chain contains the method for decrypting the next element. Why is this bad? Well if you get the packets out of order (TCP helps with this), then you have a perfectly random stream of bits (thanks to the waterfall theory; which states that for security to be in place ciphertext should have nothing to do with plaintext). Should something go wrong, you have a random bit firehose, in theory. It should also look like that to any third party who can see your data.

There are very few, if any, publicly used stream ciphers. There are some advantages to them (and i personally know of several apps that take advantage of this for numerous reasons), but all in all, it is best to stick with a block cipher, whereby each data is encrypted the same (ala DES, or 3DES).

What is a stream cipher?

A stream cipher is a symmetric encryption method that usually operates at the character or bit level, with the plaintext being combined (normally by an operation such as XOR) with a generated keystream to produce the ciphertext.

Although seemingly simple, its security stems from the fact that, if the generated keystream is not distinguishable from a random sequence and used only once to encrypt a message, it has the same security as a one time pad. Particular requirements for a good stream cipher are a long period and high linear complexity, but not all ciphers with these requirements are necessarily secure.

They are often built using counters, linear feedback shift registers, nonlinear feedback shift registers, nonlinear filters and/or S-boxes, cryptographic sponges, T-functions or even more complicated things.

Regardless of their internal components, stream ciphers can be generally seen as finite state machines: they take some input (internal state, key and optionally, as in the case of self-synchronizing stream ciphers past ciphertext), perform some operations and output the next internal state. A part (or even a nonlinear function of parts) of the internal state are also output at each step as the keystream.

This implies that a stream cipher can never really attain the security level of a one time pad, as sequences generated by a finite state machine are always periodic and, therefore, non-random (it might just have a period that exceeds the remaining time until the heat death of the Universe, but it's still finite).

One very obvious "problem" with a stream cipher is that if you re-use a key (or a key+IV pair), the generated keystream will be the same, compromising the security of the plaintexts encrypted with such keystream (but, hey... that's not a bug, it's a feature! otherwise, the other party wouldn't be able to replicate the correct keystream and therefore decrypt your message).

Why not just use a block cipher?

A block cipher, unlike a stream cipher, operates at the level of blocks, providing a (key-dependent) permutation family which should resemble, as much as possible, a group of pseudo-random permutations (PRP). This implies that thorough diffusion (mixing) and confusion (nonlinear layers) are required for a certain level of robustness against cryptanalysis.

On the other hand, a stream cipher usually only exposes part (or even a nonlinear combination of parts) of its internal state at each step, which implies that it can probably afford less mixing and nonlinearity than a full block cipher between each step (with LFSR being an extreme example, with very slow mixing of its internal state between each step). They are also often more efficient in hardware than block ciphers, being therefore a very valid choice for symmetric encryption in embedded systems and low-power requirements situations (e.g. smartcards).

Nonetheless, it is true that the design and attack of block ciphers is much better understood in academia, which generally grants block ciphers a higher sense of security (due to heightened scrutiny regarding their designs). Also, it's trivial to build a secure stream cipher using a secure block cipher in counter mode and/or using a block cipher to mix some internal state.

Examples of stream ciphers

Log in or register to write something here or to contact authors.