Cryptography Reference
In-Depth Information
the most impractical one: Key stream bits cannot be re-used.
This implies that we
need one key bit for every bit of plaintext.
Hence, our key is as long as the plaintext!
This is probably the major drawback of the OTP. Even if Alice and Bob share a CD
with 1 MByte of true random numbers, we run quickly into limits. If they send a
single email with an attachment of 1 MByte, they could encrypt and decrypt it, but
after that they would need to exchange a true random key stream again.
For these reasons OTPs are rarely used in practice. However, they give us a great
design idea for secure ciphers: If we XOR truly random bits and plaintext, we get
ciphertext that can certainly not be broken by an attacker. We will see in the next
section how we can use this fact to build practical stream ciphers.
2.2.3 Towards Practical Stream Ciphers
In the previous section we saw that OTPs are unconditionally secure, but that they
have drawbacks which make them impractical. What we try to do with practical
stream ciphers is to replace the truly random key stream bits by a pseudorandom
number generator where the key
k
serves as a seed. The principle of practical stream
ciphers is shown in Fig. 2.5.
Fig. 2.5
Practical stream ciphers
Before we turn to stream ciphers used in the real world, it should be stressed that
practical stream ciphers are not unconditionally secure. In fact,
all
known practical
crypto algorithms (stream ciphers, block ciphers, public-key algorithms) are not
unconditionally secure. The best we can hope for is
computational security
, which
we define as follows:
Definition 2.2.3
Computational Security
A cryptosystem is
computationally secure
if the best known algo-
rithm for breaking it requires at least
t
operations.
