a possibility. In the past, many other stream ciphers were found to be not secure.
More information on Trivium can be found in [164].
2.4 Discussion and Further Reading
Established Stream Ciphers: Even though many stream ciphers have been proposed over the years, there are considerably fewer well-investigated ones. The security of many proposed stream ciphers is unknown, and many stream ciphers have been broken. In the case of software-oriented stream ciphers, arguably the best-investigated ones are RC4 [144] and SEAL [120, Sect. 6.4.1]. Note that there are some known weaknesses in RC4, even though it is still secure in practice if it is used correctly [142]. The SEAL cipher, on the other hand, is patented.
In the case of hardware-oriented ciphers, there is a wealth of LFSR-based algorithms. Many proposed ciphers have been broken; see references [8, 85] for an introduction. Among the best-studied ones are the A5/1 and A5/2 algorithms which are used in GSM mobile networks for voice encryption between cell phones and base stations. A5/1, which is the cipher used in most industrialized nations, had originally been kept secret but was reverse-engineered and published on the Internet in 1998. The cipher is borderline secure today [22], whereas the weaker A5/2 has much more serious flaws [11]. Neither of the two ciphers is recommended based on today's understanding of cryptanalysis. For 3GPP mobile communication, a different cipher A5/3 (also named KASUMI) is used, but it is a block cipher.
This somewhat pessimistic outlook on the state-of-the-art in stream ciphers
changed with the eSTREAM project, described below.
eSTREAM Project: The eSTREAM project had the explicit goal to advance the state-of-the-art knowledge about stream cipher design. As part of this objective, new stream ciphers that might become suitable for widespread adoption were investigated. eSTREAM was organized by the European Network of Excellence in Cryptography (ECRYPT). The call for stream ciphers was first issued in November 2004 and ended in 2008. The ciphers were divided into two “profiles”, depending on the intended application:
Profile 1: Stream ciphers for software applications with high throughput requirements.
Profile 2: Stream ciphers for hardware applications with restricted resources such as limited storage, gate count, or power consumption.
Some cryptographers had emphasized the importance of including an authentication
method, and hence two further profiles were also included to deal with ciphers that
also provide authentication.
A total of 34 candidates were submitted to eSTREAM. At the end of the project four software-oriented (“Profile 1”) ciphers were found to have desirable properties: HC-128, Rabbit, Salsa20/12 and SOSEMANUK. With respect to hardware-oriented ciphers (“Profile 2”), the following three ciphers were selected: Grain v1, MICKEY