Cryptography Reference
Stream ciphers: In a stream cipher, the encrypting and decrypting devices have
internal state (i.e., the ith ciphertext unit depends on the ith plaintext unit, the
secret key, and the internal state). Consequently, stream ciphers represent
theoretically more advanced and more powerful symmetric encryption systems
than block ciphers (in practice, things are more involved, and the question
of whether block ciphers or stream ciphers are more advanced is a matter of
controversy). There are two major classes of stream ciphers that differ in
their state transition function (i.e., in the way they manipulate the internal
state and compute the next state). In a synchronous stream cipher, the next
state does not depend on the previously generated ciphertext units, whereas in
a nonsynchronous stream cipher, the next state also depends on some (or all)
of the previously generated ciphertext units. Synchronous stream ciphers are
also called additive stream ciphers, and nonsynchronous stream ciphers are
also called self-synchronizing stream ciphers. In this topic, we use these terms
synonymously and interchangeably. Stream ciphers are further addressed in
Section 10.3.
The distinction between block ciphers and stream ciphers is less precise than
one might expect. In fact, there are modes of operation that turn a block cipher into
a stream cipher (be it synchronous or nonsynchronous). Some of these modes are
overviewed and briefly discussed in Section 10.2.3.
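The two state transition functions described above can be compared directly. The following is an added example, not code from the original text: it uses HMAC-SHA-256 as a stand-in keyed function (an assumption made for illustration, not a vetted cipher design), and the names `ks_byte`, `sync_crypt`, `selfsync_crypt`, `drop_byte` and `WINDOW` are hypothetical. It shows what happens to each class when one ciphertext unit is lost in transit.

```python
import hashlib
import hmac

WINDOW = 4  # assumed: self-synchronizing state = last WINDOW ciphertext bytes

def ks_byte(key: bytes, state: bytes) -> int:
    """Keystream byte from key and internal state (HMAC-SHA-256 as stand-in)."""
    return hmac.new(key, state, hashlib.sha256).digest()[0]

def sync_crypt(key: bytes, data: bytes) -> bytes:
    """Synchronous (additive): the state is a position counter and never
    depends on ciphertext, so encryption and decryption are the same XOR."""
    return bytes(b ^ ks_byte(key, i.to_bytes(8, "big")) for i, b in enumerate(data))

def selfsync_crypt(key: bytes, data: bytes, decrypt: bool) -> bytes:
    """Self-synchronizing: the next state is the last WINDOW ciphertext bytes."""
    state, out = bytes(WINDOW), bytearray()
    for unit in data:
        result = unit ^ ks_byte(key, state)
        out.append(result)
        # Both sides feed the ciphertext unit (never the plaintext) into the state.
        cipher_unit = unit if decrypt else result
        state = state[1:] + bytes([cipher_unit])
    return bytes(out)

def drop_byte(data: bytes, i: int) -> bytes:
    """Simulate a channel that loses ciphertext unit i."""
    return data[:i] + data[i + 1:]

if __name__ == "__main__":
    key = b"constructed demo key"  # constructed sample values
    msg = b"stream ciphers keep internal state between units"
    lost = 5
    after_sync = sync_crypt(key, drop_byte(sync_crypt(key, msg), lost))
    after_self = selfsync_crypt(
        key, drop_byte(selfsync_crypt(key, msg, decrypt=False), lost), decrypt=True)
    print("synchronous       :", after_sync)
    print("self-synchronizing:", after_self)
    # The self-synchronizing receiver is correct again WINDOW units after the loss.
    print("resynchronized    :", after_self[lost + WINDOW:] == msg[lost + 1 + WINDOW:])
```

The synchronous receiver stays misaligned with the keystream for the rest of the message, while the self-synchronizing receiver garbles only the units decrypted while the lost byte's position still affects its state window.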
10.1.3 Secure Symmetric Encryption Systems
In Section 1.2.2, we said that we must formally define the term security before we
can make precise statements about the security of a cryptographic system, such as
a symmetric encryption system. More specifically, we must specify and nail down
the adversary's capabilities and the task he or she is required to solve in order to be
successful (i.e., to break the security of the system). This brings us to the following
list of attacks that are usually distinguished in the literature.
Ciphertext-only attacks: In a ciphertext-only attack, the adversary knows one or
several ciphertext units and tries to determine the corresponding plaintext
message units or the key(s) that has (have) been used for encryption. In
the second case, the adversary is able to decrypt any ciphertext unit that
is encrypted with the key(s). An encryption system that is (known to be)
vulnerable to a ciphertext-only attack is totally insecure and should not be
used.
Known-plaintext attacks: In a known-plaintext attack, the adversary knows one
or several ciphertext and plaintext pairs, and tries either to determine the key(s)