Cryptography Reference
In-Depth Information
based stream ciphers as well. Detailed surveys on different kinds of stream
ciphers are available in [149,150].
There are two types of stream ciphers. The simplest type, in which the
keystream is constructed from the key, independent of the plaintext string, is
called a synchronous stream cipher. If, instead, each keystream element (bit,
byte, or word) depends on the previous plaintext or ciphertext elements as
well as the key, it is called a self-synchronous stream cipher. In a synchronous
stream cipher, both the sender and the receiver must be synchronized for
proper decryption. In other words, they must use the same key and operate
at the same state given that key. Synchronization may be lost if ciphertext
elements are inserted or deleted during transmission, causing the
decryption to fail. Re-synchronization needs additional techniques such as
re-initialization, placing special markers at regular intervals in the ciphertext,
or trying all possible keystream offsets (if the plaintext contains enough
redundancy). In self-synchronous stream ciphers, the decryption depends only
on a fixed number of preceding ciphertext characters. Thus, they are capable
of re-establishing proper decryption automatically after loss of
synchronization, at the cost of only a fixed number of irrecoverable plaintext
characters. RC4 is a synchronous stream cipher, whereas Mosquito [33] is an
example of a self-synchronous stream cipher.
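
The difference in behaviour after a deleted ciphertext byte can be seen in the following added example, which is not code from the book. It uses RC4 as the synchronous cipher and, as an assumption for illustration only, a toy self-synchronous construction (not Mosquito, and not secure) whose keystream byte is a SHA-256 hash of the key and the preceding `N = 4` ciphertext bytes; the key and message are constructed sample values.

```python
import hashlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Synchronous: the keystream depends only on the key."""
    S, j = list(range(256)), 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # keystream generation
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def sync_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR with the RC4 keystream."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))

N = 4  # assumed memory: preceding ciphertext bytes that feed each keystream byte

def _ks_byte(key: bytes, window: bytes) -> int:
    # Toy keystream function (SHA-256, an assumption; this is not Mosquito).
    return hashlib.sha256(key + window).digest()[0]

def selfsync_encrypt(key: bytes, pt: bytes) -> bytes:
    ct = bytearray(N)                          # agreed all-zero starting window
    for p in pt:
        ct.append(p ^ _ks_byte(key, bytes(ct[-N:])))
    return bytes(ct[N:])

def selfsync_decrypt(key: bytes, ct: bytes) -> bytes:
    padded = bytes(N) + ct                     # padded[i:i+N] precedes ct[i]
    return bytes(c ^ _ks_byte(key, padded[i:i + N]) for i, c in enumerate(ct))

def drop_byte_demo(key: bytes, pt: bytes, drop: int):
    """Delete one ciphertext byte in transit, then decrypt under each cipher."""
    lose = lambda ct: ct[:drop] + ct[drop + 1:]
    return (sync_crypt(key, lose(sync_crypt(key, pt))),
            selfsync_decrypt(key, lose(selfsync_encrypt(key, pt))))

if __name__ == "__main__":
    msg = b"constructed sample: one byte is lost in transit"  # constructed input
    s, ss = drop_byte_demo(b"demo-key", msg, 10)
    print("synchronous     :", s)
    print("self-synchronous:", ss)
```

With RC4 everything after the deleted byte decrypts to garbage, while the self-synchronous output is wrong for only `N` bytes after the gap and then matches the plaintext again.
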
In a stream cipher, the same key always produces the same keystream.
Hence, repeated use of the same key is just as bad as reusing a one-time pad.
One approach to this problem is to renew the secret key from time
to time, but this involves key exchange overhead. An alternative remedy is
the use of initialization vectors. An Initialization Vector (IV) is a random
value that changes with each session of the cipher. The IV is combined with
the secret key to form the effective key for the corresponding session of the
cipher, called a session key. Different session keys make the output of the
stream cipher different in each session, even if the same key is used.
During 2000-2003, a European research project called New European
Schemes for Signatures, Integrity and Encryption (NESSIE) [127] was
established to identify secure cryptographic primitives. Six stream ciphers were
submitted to the NESSIE project, but none was selected for the portfolio.
At Asiacrypt 2004, Shamir raised the pertinent question [162]: “Stream
Ciphers: Dead or Alive?” In the same year, a 4-year European research initiative
was launched under the name European Network of Excellence for
Cryptology (ECRYPT) and a project called eSTREAM was started with the aim of
identifying “new stream ciphers that might become suitable for widespread
adoption.” The submissions to eSTREAM fall into either or both of two
profiles:
1. Profile 1: “Stream ciphers for software applications with high
throughput requirements.”
2. Profile 2: “Stream ciphers for hardware applications with restricted
resources such as limited storage, gate count, or power consumption.”