Questions tagged [stream-cipher]

A stream cipher is an encryption algorithm which encrypts arbitrary length plaintext, using a key. Some stream ciphers generate a keystream from only the key, which is then XOR-combined with the plain text, others feed back plaintext or ciphertext into the algorithm to create the keystream.

A stream cipher is an encryption algorithm which encrypts arbitrary length plaintext using a key. Some stream ciphers generate a keystream from only the key, which is then XOR-combined with the plain text. These are called synchronous stream ciphers. Others feed plaintext or ciphertext back into the algorithm to create the keystream. If they depend only on the key and a fixed window of ciphertext, they are called self-synchronizing stream ciphers.

Stream ciphers can be build from block ciphers using a mode of operation, or be independent algorithms. They are usually malleable (cf. malleability) unless an authentication algorithm is used.

Examples include:

The block cipher modes ctr, cfb and ofb all turn a block cipher into a stream cipher.
rc4 is a common stream cipher that is largely considered broken and being phased out.
salsa20 and chacha are newer stream ciphers used in the NaCl library and in TLS.

569 questions

votes

11 answers

Is modern encryption needlessly complicated?

RSA, DES, AES, etc., all use (relatively) complicated mathematics to encrypt some message with some key. For each of these methods, there have been several documented vulnerabilities found over the years. Some even believe that there is a…

encryption random-number-generator stream-cipher randomness one-time-pad

asked Sep 02 '11 at 03:16

Ozzah

votes

4 answers

Difference between stream cipher and block cipher

I read that A typical stream cipher encrypts plaintext one byte at a time, although a stream cipher may be designed to operate on one bit at a time or on units larger than a byte at a time. (Source: Cryptography and Network Security, William…

encryption block-cipher algorithm-design stream-cipher

asked Nov 11 '12 at 14:18

Ravindra Bagale

votes

1 answer

Why do 5G, 4G, etc., use non-conventional algorithms?

Looking up information about 5G and the previous 3GPP standards, why have they been incorporating non-conventional algorithms into the standards? For example, AES has been considered secure for ages and there is lots of support for hardware…

protocol-design stream-cipher standards

asked Jun 05 '20 at 14:52

MCCCS

votes

5 answers

With sufficient randomness, is XOR an acceptable mechanism for encrypting?

I have heard criticism of various cryptosystems saying that "at their heart, they were just XOR." Is this just ignorance, or is there something inherently wrong with XOR based ciphers?

xor stream-cipher

asked Jul 12 '11 at 22:15

John Gietzen

1,515
2
15
16

votes

4 answers

Is it feasible to build a stream cipher from a cryptographic hash function?

A few years ago I devised a symmetric-key system that worked like so: H() = some hashing function h = the number of bits in the result of H() key = bits to be used as a key ^ = the XOR operation + = concatenation len() = the length…

encryption hash block-cipher stream-cipher

asked Jul 12 '11 at 22:17

John Gietzen

1,515
2
15
16

votes

7 answers

What is the difference between a stream cipher and a one-time-pad?

A (synchronous) stream cipher is an algorithm which maps some fixed-length key to an arbitrary-length key-stream (i.e. a sequence of bits): $C : \{0,1\}^k \to \{0,1\}^{\infty}$. This key-stream is then XOR-ed with the plain text stream, giving the…

encryption stream-cipher one-time-pad

asked Sep 27 '11 at 17:54

Paŭlo Ebermann

22,946
7
82
119

votes

1 answer

How to attack a "many-time pad" based on what happens when an ASCII space is XORed with a letter?

I've already sent my correct solution to a homework exercise from Dan Boneh's Introduction to Cryptography class on Coursera: "Let us see what goes wrong when a stream cipher key is used more than once. Below are eleven hex-encoded ciphertexts that…

stream-cipher one-time-pad xor key-reuse ciphertext-only-attack

asked Jan 18 '13 at 17:40

sunrise

votes

2 answers

Can I use HMAC-SHA1 in counter mode to make a stream cipher?

Say I have an embedded device which is only capable of doing HMAC-SHA1 transformations (that device is, in fact, a YubiKey). Would it be secure to feed it like a block cipher in counter mode to get a random pad suitable as an stream cipher? Of…

mac stream-cipher hmac

asked Jan 09 '14 at 12:49

xxxxxxxxx

votes

4 answers

Can you make a hash out of a stream cipher?

A comment on another question made me wonder about something: Assume you're on a rather constrained platform — say, a low-end embedded device — with no built-in crypto capabilities, but you do have access to a simple stream cipher; say, RC4 or one…

hash provable-security stream-cipher

asked Mar 29 '12 at 13:56

Ilmari Karonen

46,700
5
112
189

votes

1 answer

Dancing confusion with Daniel J. Bernstein's stream ciphers

I know of Salsa20 which won the ESTREAM competition. This is dated of 25 Dec 2007. There is also the ChaCha20 stream cipher (cr.yp.to/chacha.html). This claims to increase the amount of diffusion per round. This is dated 28 Jan 2008. Then there is…

algorithm-design stream-cipher encryption salsa20

asked Dec 17 '14 at 10:58

x9c8v7

votes

3 answers

Converting a stream cipher into a block cipher

The well-known Counter-Mode (CTR) mode of operation for a block cipher essentially converts any block cipher into a stream cipher. Is there a way to do the reverse? In other words, given a "good" stream cipher $G$, can we construct a block cipher…

block-cipher stream-cipher

asked Sep 18 '11 at 14:13

Fixee

4,258
3
26
39

votes

1 answer

Security considerations on "expand 32-byte k"-magic number in the Salsa20 family of stream ciphers?

I'm currently examining the NaCl library written by Daniel J. Bernstein and I noticed that the library hard codes the sigma: static const unsigned char sigma[16] = "expand 32-byte k"; In all the salsa stream…

encryption stream-cipher salsa20 constants

asked Oct 21 '13 at 10:51

Pascal

votes

1 answer

Why do stream ciphers use a nonce?

My question maybe will be stupid, but my problem is that I do not understand why stream ciphers need a key and also a nonce. As far as I understand, the keystream is generated with the nonce. The same key can be reused with a different…

stream-cipher nonce

asked Nov 25 '15 at 09:50

robert

votes

3 answers

What is the PRG period of stream ciphers such as RC4 or Salsa20?

I am confused about how long a stream cipher can be used before you should change the key. To be concrete, let me use the stream cipher based on RC4 as an example. Let's say I want to encrypt a very long message. I pick a key with 128 bits and start…

stream-cipher rc4 salsa20

asked Mar 25 '12 at 18:37

rlandster

votes

2 answers

Streaming API to authenticated encryption

In regards to NaCl, I asked DJB he had any intent to add a streaming API to an authenticated cipher. His response was obvious in retrospect, that one should never release a decrypted plaintext before verifying the authenticator. However, this got me…

stream-cipher authenticated-encryption

asked Jan 16 '13 at 20:19

Stephen Touset

11,162
1
39
53

2 3

…

37 38 Next