
An Introduction to Stream Ciphers
Zahra Ahmadian
Electrical Engineering Department
Sharif University of Technology
Overview
• The development of stream ciphers
• Two types of stream ciphers
– Synchronizing stream ciphers
– Self synchronizing stream ciphers
• Cryptanalysis of stream ciphers
• eStream project
• Conclusion
Taxonomy of cryptographic primitives
[Figure: taxonomy of cryptographic primitives; surviving label: Keyed Hash Functions]
Vernam one time pad cipher
• Vernam one-time pad cipher: the keystream is a sequence of
independent and uniformly distributed bits.
• Its perfect security was proven by Shannon: I(M,C) = 0.
• No deterministic algorithm can produce truly
independent outputs.
• The keystream should be at least as long as the
plaintext, and each key should be used only once, so
exchanging the private key becomes difficult.
The development of stream ciphers
• A stream cipher tries to be a generalization of the Vernam cipher.
• Loosely speaking, stream ciphers can be considered
pseudorandom generators (PRGs).
• Generation of a periodic keystream with
– Maximal period,
– Maximal linear complexity,
– Easy implementation,
– A fast algorithm,
– Easy control by the key.
Stream ciphers vs. block ciphers
• Stream ciphers are typically
• Faster
– Suitable for real-time scenarios
– Multi-gigabit-per-second communications, e.g. routers
• More efficient, compact implementation
– Suitable for constrained devices
• Zero error propagation
– Suitable for radio communications
Current widespread application
• A5 family in GSM mobile network
• SNOW 3G in UMTS mobile network
• E0 in Bluetooth
• RC4 in Wired Equivalent Privacy (WEP)
• …
synchronous stream cipher
self-synchronizing stream cipher
Comparison of synchronous and self-synchronizing stream ciphers

Property                        Synchronous            Self-synchronizing
Synchronizing                   Weak (IV is needed)    Good
Error propagation               Good                   Weak
Detection of active attacks     Weak                   Good
Possible attack scenarios:
  Ctx only                      Yes                    Yes
  Known Ptx                     Yes                    Yes
  Chosen Ptx                    No                     Yes
  Known Ctx                     No                     Yes
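The synchronizing and error-propagation rows of the comparison above, measured on a toy construction. This is an added example, not part of the original slides; the SHA-256-based keystream function, the key, the IV, N = 4 and the sample plaintext are all constructed for illustration and are not a real cipher design.

```python
import hashlib

N = 4  # self-synchronizing mode: keystream depends on the last N ciphertext bytes

def _f(key: bytes, data: bytes) -> int:
    """Toy keyed function (illustrative only): returns one keystream byte."""
    return hashlib.sha256(key + data).digest()[0]

def sync_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Synchronous: keystream byte i depends only on key, IV and position i."""
    return bytes(b ^ _f(key, iv + i.to_bytes(4, "big")) for i, b in enumerate(data))

def selfsync_crypt(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Self-synchronizing: keystream byte depends on key and previous N ciphertext bytes."""
    window, out = iv[-N:], bytearray()
    for b in data:
        o = b ^ _f(key, window)
        out.append(o)
        window = window[1:] + bytes([b if decrypt else o])  # always shift in ciphertext
    return bytes(out)

def wrong_positions(got: bytes, want: bytes) -> list:
    return [i for i, (x, y) in enumerate(zip(got, want)) if x != y]

KEY, IV = b"constructed-key!", b"iv00"   # constructed sample values
PT = bytes(range(65, 91)) * 2             # constructed plaintext: A..Z twice
POS = 10                                  # where the channel error hits

def flip(ct: bytes) -> bytes:             # one corrupted ciphertext byte
    return ct[:POS] + bytes([ct[POS] ^ 0x01]) + ct[POS + 1:]

def drop(ct: bytes) -> bytes:             # one lost ciphertext byte
    return ct[:POS] + ct[POS + 1:]

def experiment() -> dict:
    cs, ca = sync_crypt(KEY, IV, PT), selfsync_crypt(KEY, IV, PT)
    tail = PT[POS + 1:]  # what the receiver should output after the lost byte
    return {
        "sync_flip": wrong_positions(sync_crypt(KEY, IV, flip(cs)), PT),
        "self_flip": wrong_positions(selfsync_crypt(KEY, IV, flip(ca), True), PT),
        # for the two drop cases, offsets are relative to POS
        "sync_drop": wrong_positions(sync_crypt(KEY, IV, drop(cs))[POS:], tail),
        "self_drop": wrong_positions(selfsync_crypt(KEY, IV, drop(ca), True)[POS:], tail),
    }

if __name__ == "__main__":
    for name, errs in experiment().items():
        print(f"{name}: {len(errs)} wrong bytes at {errs}")
```

A flipped byte damages one plaintext byte in the synchronous mode and at most N + 1 in the self-synchronizing mode. A lost byte garbles the rest of the synchronous stream, while the self-synchronizing receiver recovers after N bytes.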
Cryptanalysis of stream ciphers
• The standard assumption: KNOWN PLAINTEXT
ATTACK
• This implies knowledge of the keystream
Types of attacks
• Key Recovery attacks
– Recover the secret key k.
• Distinguishing Attacks
– Build a distinguisher that can distinguish the running key
from a random sequence
• Other attacks:
– Prediction of the next symbol
– Recovering the initial state
– …
Attack techniques
• Universal distinguishers
– Apply known statistical tests
• Time-memory tradeoff attacks
– Decrease computational complexity by using memory
• Guess-and-determine
– Guess unknown things on demand
• Correlation attacks
– Dependence between output and internal unknown
variables
• Linear attacks
– Apply linear approximations
• Algebraic attacks
– View your problem as the solution to a system of
nonlinear equations
eStream Project
• Held by ECRYPT, a consortium of European research
organizations.
• A multi-year effort running from 2004 to 2008.
• A call for stream cipher primitives to identify
new stream ciphers suitable for widespread adoption.
• The submissions fall into either or both of two
profiles:
– Profile 1: Stream ciphers for software applications with
high throughput requirements
– Profile 2: Stream ciphers for hardware applications
with restricted resources such as limited storage, gate
count, or power consumption.
Three phases of eStream Project
• Phase 1. A general analysis of all submissions based on
their security, performance, simplicity, flexibility,
justification, clarity and completeness of the
documentation.
• Phase 2. For each of the profiles, a number of
algorithms were selected as focus Phase 2
algorithms.
• Phase 3. For each of the profiles, eight candidates
were put forward to be analyzed with more scrutiny.
• It ended on April 15, 2008 with the announcement of the
candidates that had been selected for the final
eSTREAM portfolio.
Profile 1 (SW)    Profile 2 (HW)
HC-128            Grain v1
Rabbit            MICKEY v2
Salsa20/12        Trivium
SOSEMANUK
Conclusion
• Due to their advantages, stream ciphers are
widely used in many applications (e.g. wireless).
• Before the eStream project, there was little work on
stream ciphers.
• eStream introduced new block cipher designs and also
resulted in extensive development of cryptanalysis
methods for stream ciphers.
• Block ciphers in counter or OFB modes of operation are
a serious competitor for stream ciphers.