Cryptography Reference
In-Depth Information
10.3
STREAM CIPHERS
Stream ciphers have played and continue to play an important role in cryptography.
In fact, many (proprietary) symmetric encryption systems used in military are stream
ciphers.
35
Remember from Section 10.1 that stream ciphers use internal state and
that the
i
th
ciphertext unit depends on the
i
th
plaintext unit, the secret key, and
some state. Also remember that it is common to distinguish between synchronous (or
additive) stream ciphers and nonsynchronous (or self-synchronizing) stream ciphers.
Having the modes of operation for block ciphers in mind, it is obvious that operating
a block cipher in CFB mode yields a nonsynchronous (self-synchronizing) stream
cipher (i.e., the next state depends on previously generated ciphertext units), whereas
operating a block cipher in OFB mode yields a synchronous (additive) stream cipher
(i.e., the next state does not depend on previously generated ciphertext units). Due
to their lack of error propagation, most stream ciphers in use today are synchronous
(or additive). They try to copy Vernam's one-time pad (see Section 10.4), adding
modulo 2 the plaintext message bitwise to a key stream.
Let Σ=
=Σ
n
for some reasonably sized
key length
n
. To encrypt an
l
-bit plaintext message
m
=
m
1
...m
l
∈M
=Σ
∗
,and
Z
2
=
{
0
,
1
}
,
M
=
C
K
using an
additive stream cipher, a secret key
k
must be expanded into a stream of
l
key
bits
k
1
,...,k
l
. The encryption function is then defined as follows:
∈K
E
k
(
m
)=
m
1
⊕
k
1
,...,m
l
⊕
k
l
=
c
1
,...,c
l
Similarly, the decryption function is defined as follows:
D
k
(
c
)=
c
1
⊕
k
1
,...,c
l
⊕
k
l
=
m
1
,...,m
l
The main question in the design of an additive stream cipher is how to expand
k
into a potentially infinite key stream (
k
i
)
i≥
1
. This is where the notion of a
feedback
shift register
(FSR) comes into play.
As illustrated in Figure 10.13, an FSR consists of a register, a feedback func-
tion, and an internal clock. At every clock signal, the feedback function computes a
new value from the register cells, and this new value is fed into the register from the
left. Consequently, the contents of all register cells are shifted to the right, and the
35
The popularity of stream ciphers, however, is also controversial (to say the least). At the Cryptogra-
pher's Panel of the RSA Conference 2004, for example, Adi Shamir gave a short but very interesting
talk entitled “The Death of the Stream Cipher.” In this talk, Shamir noticed and tried to explain why
stream ciphers are losing popularity against block ciphers. Nevertheless, stream ciphers have been,
and continue to be, important for military and commercial encryption systems.
