383:
571:
513:
426:
276:
3067:
829:
122:
25:
729:(not operating in a stream cipher mode) were to be used in this type of application, the designer would need to choose either transmission efficiency or implementation complexity, since block ciphers cannot directly work on blocks shorter than their block size. For example, if a 128-bit block cipher received separate 32-bit bursts of plaintext, three quarters of the data transmitted would be
549:
242:
A stream cipher makes use of a much smaller and more convenient key such as 128 bits. Based on this key, it generates a pseudorandom keystream which can be combined with the plaintext digits in a similar fashion to the one-time pad. However, this comes at a cost. The keystream is now pseudorandom and
306:
In a synchronous stream cipher, the sender and receiver must be exactly in step for decryption to be successful. If digits are added or removed from the message during transmission, synchronisation is lost. To restore synchronisation, various offsets can be tried systematically to obtain the correct
238:
in 1949. However, the keystream must be generated completely at random with at least the same length as the plaintext and cannot be used more than once. This makes the system cumbersome to implement in many practical applications, and as a result the one-time pad has not been widely used, except for
480:
comprises three LFSRs, which we will call LFSR0, LFSR1 and LFSR2 for convenience. The output of one of the registers decides which of the other two is to be used; for instance, if LFSR2 outputs a 0, LFSR0 is clocked, and if it outputs a 1, LFSR1 is clocked instead. The output is the exclusive OR of
310:
If, however, a digit is corrupted in transmission, rather than added or lost, only a single digit in the plaintext is affected and the error does not propagate to other parts of the message. This property is useful when the transmission error rate is high; however, it makes it less likely the error
744:
Another advantage of stream ciphers in military cryptography is that the cipher stream can be generated in a separate box that is subject to strict security measures and fed to other devices such as a radio set, which will perform the XOR operation as part of their function. The latter device can
492:
takes a different approach. Two LFSRs are used, both clocked regularly. If the output of the first LFSR is 1, the output of the second LFSR becomes the output of the generator. If the first LFSR outputs 0, however, the output of the second is discarded, and no bit is output by the generator. This
484:
The stop-and-go generator (Beth and Piper, 1984) consists of two LFSRs. One LFSR is clocked if the output of a second is a 1, otherwise it repeats its previous output. This output is then (in some versions) combined with the output of a third LFSR clocked at a regular rate.
210:, a block cipher primitive is used in such a way that it acts effectively as a stream cipher. Stream ciphers typically execute at a higher speed than block ciphers and have lower hardware complexity. However, stream ciphers can be susceptible to security breaches (see
374:(LFSRs) because they can be easily implemented in hardware and can be readily analysed mathematically. The use of LFSRs on their own, however, is insufficient to provide good security. Various schemes have been proposed to increase the security of LFSRs.
315:: if an attacker can change a digit in the ciphertext, they might be able to make predictable changes to the corresponding plaintext bit; for example, flipping a bit in the ciphertext causes the same bit to be flipped in the plaintext.
290:
a stream of pseudorandom digits is generated independently of the plaintext and ciphertext messages, and then combined with the plaintext (to encrypt) or the ciphertext (to decrypt). In the most common form, binary digits are used
687:(OFB) mode. However, when not using full feedback, the resulting stream has a period of around 2 blocks on average; for many applications, the period is far too low. For example, if encryption is being performed at a rate of 8
493:
mechanism suffers from timing attacks on the second generator, since the speed of the output is variable in a manner that depends on the second generator's state. This can be alleviated by buffering the output.
2278:, Chapter 2 of "Understanding Cryptography, A Textbook for Students and Practitioners". (companion web site contains online cryptography course that covers stream ciphers and LFSR), Springer, 2009.
251:
A stream cipher generates successive elements of the keystream based on an internal state. This state is updated in essentially two ways: if the state changes independently of the plaintext or
461:
Normally LFSRs are stepped regularly. One approach to introducing non-linearity is to have the LFSR clocked irregularly, controlled by the output of a second LFSR. Such generators include the
721:
Stream ciphers are often used for their speed and simplicity of implementation in hardware, and in applications where plaintext comes in quantities of unknowable length like a secure
343:). The idea of self-synchronization was patented in 1946 and has the advantage that the receiver will automatically synchronise with the keystream generator after receiving
347:
ciphertext digits, making it easier to recover if digits are dropped or added to the message stream. Single-digit errors are limited in their effect, affecting only up to
243:
so is not truly random. The proof of security associated with the one-time pad no longer holds. It is quite possible for a stream cipher to be completely insecure.
462:
713:
The elements of stream ciphers are often much simpler to understand than block ciphers and are thus less likely to hide any accidental or malicious weaknesses.
3047:
2877:
703:
263:
stream ciphers update their state based on previous plaintext or ciphertext digits. A system that incorporates the plaintext into the key is also known as an
764:
698:
are attackable because of weaknesses in RC4's key setup routine; new applications should either avoid RC4 or make sure all keys are unique and ideally
2077:
Garcia, Flavio D.; de Koning Gans, Gerhard; Muijrers, Ruben; van Rossum, Peter; Verdult, Roel; Schreur, Ronny
Wichers; Jacobs, Bart (4 October 2008).
741:
mode to avoid padding, while stream ciphers eliminate this issue by naturally operating on the smallest unit that can be transmitted (usually bytes).
402:
Because LFSRs are inherently linear, one technique for removing the linearity is to feed the outputs of several parallel LFSRs into a non-linear
2264:
2171:
2078:
2715:
2333:
206:. Block ciphers operate on large blocks of digits with a fixed, unvarying transformation. This distinction is not always clear-cut: in some
664:
Securely using a secure synchronous stream cipher requires that one never reuse the same keystream twice. That generally means a different
620:
or internal state from the keystream. Cryptographers also demand that the keystream be free of even subtle biases that would let attackers
559:
Instead of a linear driving device, one may use a nonlinear update function. For example, Klimov and Shamir proposed triangular functions (
2298:
1037:
668:
or key must be supplied to each invocation of the cipher. Application designers must also recognize that most stream ciphers provide not
234:
digits. The keystream is combined with the plaintext digits one at a time to form the ciphertext. This system was proven to be secure by
2578:
311:
would be detected without further mechanisms. Moreover, because of this property, synchronous stream ciphers are very susceptible to
1842:
2110:
Lu, Yi; Meier, Willi; Vaudenay, Serge (2005). "The
Conditional Correlation Attack: A Practical Attack on Bluetooth Encryption".
2205:
2142:
2047:
89:
61:
2063:
661:
so they are not necessarily practical ways to break the cipher but indicate that the cipher might have other weaknesses.
3100:
2708:
2640:
2326:
2017:
868:
501:
Another approach to improving the security of an LFSR is to pass the entire state of a single LFSR into a non-linear
108:
68:
2275:
359:
239:
the most critical applications. Key generation, distribution and management are critical for those applications.
202:
for decrypting the ciphertext stream. Stream ciphers represent a different approach to symmetric encryption from
2926:
2857:
2635:
2625:
2011:
850:
846:
371:
207:
75:
46:
42:
1989:
1852:
169:
stream. Since encryption of each digit is dependent on the current state of the cipher, it is also known as
2701:
2319:
1521:
57:
3042:
2997:
2800:
2084:. 13th European Symposium on Research in Computer Security (ESORICS 2008), LNCS, Springer. Archived from
707:
2921:
2609:
2468:
1012:
738:
679:
Short periods for stream ciphers have been a practical concern. For example, 64-bit block ciphers like
624:
a stream from random noise, and free of detectable relationships between keystreams that correspond to
477:
466:
2119:. Lecture Notes in Computer Science. Vol. 3621. Santa Barbara, California, USA. pp. 97β117.
3037:
1544:
312:
2288:
2245:
2164:
2125:
2085:
582:
524:
437:
307:
decryption. Another approach is to tag the ciphertext with markers at regular points in the output.
3027:
3017:
2872:
2604:
1981:
1906:
680:
2038:
Deane, Arthur; Kraus, Aaron (2021). "Chapter 3: Domain 3: Security
Architecture and Engineering".
3095:
3022:
3012:
2805:
2765:
2758:
2743:
2738:
1902:
839:
165:
is encrypted one at a time with the corresponding digit of the keystream, to give a digit of the
144:
35:
2293:
2236:
Matt J. B. Robshaw, Stream
Ciphers Technical Report TR-701, version 2.0, RSA Laboratories, 1995
2111:
2810:
2753:
2120:
1548:
1164:
971:
966:
730:
414:
are critical for ensuring the security of the resultant scheme, for example, in order to avoid
3070:
2916:
2862:
2676:
2650:
2503:
1953:
921:
607:
222:
Stream ciphers can be viewed as approximating the action of a proven unbreakable cipher, the
3032:
2956:
2671:
481:
the last bit produced by LFSR0 and LFSR1. The initial state of the three LFSRs is the key.
211:
82:
8:
2785:
2599:
1389:
734:
665:
629:
489:
470:
2901:
2885:
2827:
2666:
2152:
1945:
1787:
913:
415:
1534:
RC4 does not take an IV. If one desires an IV, it must be mixed into the key somehow.
2961:
2951:
2817:
2138:
2043:
613:
235:
199:
2216:
2896:
2748:
2448:
2254:
2130:
1807:
1759:
1750:
1379:
722:
403:
2568:
2563:
2538:
2412:
1929:
1798:
1603:
1469:
897:
784:
684:
355:
162:
2366:
2237:
1577:
2971:
2891:
2847:
2790:
2775:
2630:
2483:
2438:
1237:
1174:
776:
772:
264:
191:
2042:(6th ed.). Hoboken, New Jersey: John Wiley & Sons, Inc. p. 232.
3089:
3052:
2966:
2946:
2837:
2795:
2770:
2583:
2543:
2523:
2513:
2478:
1882:
1638:
1458:
1408:
1144:
812:
800:
792:
768:
751:
is becoming the most widely used stream cipher in software; others include:
279:
2259:
382:
3002:
2842:
2832:
2822:
2780:
2724:
2206:"Analysis of Energy Consumption of RC4 and AES Algorithms in Wireless LANs"
726:
296:
223:
203:
180:
151:
2981:
2518:
2376:
1478:
1436:
1114:
699:
691:
per second, a stream of period 2 blocks will repeat after about an hour.
186:
The pseudorandom keystream is typically generated serially from a random
133:, an LFSR-based stream cipher used to encrypt mobile phone conversations.
570:
512:
425:
275:
2941:
2911:
2906:
2867:
2645:
2203:
2134:
1769:
1567:
1540:
853: in this section. Unsourced material may be challenged and removed.
560:
252:
195:
187:
166:
2076:
354:
An example of a self-synchronising stream cipher is a block cipher in
327:
ciphertext digits to compute the keystream. Such schemes are known as
2931:
2558:
2488:
2422:
1993:
1722:
1694:
1211:
808:
227:
159:
155:
126:
828:
657:
As with other attacks in cryptography, stream cipher attacks can be
24:
2976:
2936:
2371:
1948:
1612:
1486:
1084:
916:
748:
688:
634:
214:); for example, when the same starting state (seed) is used twice.
2294:
Cryptanalysis and Design of Stream
Ciphers (thesis by Hongjun Wu).
2186:
612:
For a stream cipher to be secure, its keystream must have a large
121:
2417:
2391:
2006:
1558:
1056:
796:
2852:
2508:
2473:
2443:
2407:
1370:
1342:
1286:
1256:
1246:
1202:
788:
231:
147:
2533:
2528:
2299:
Analysis of
Lightweight Stream Ciphers (thesis by S. Fischer).
1988:, referring to algorithms that use some function to combine a
676:: encrypted messages may still have been modified in transit.
295:), and the keystream is combined with the plaintext using the
2553:
804:
2185:
Banik, Subhadeep; Maitra, Subhamoy; Sarkar, Santanu (2013).
2064:"Do the ChaCha: Better mobile performance with cryptography"
2573:
2548:
2498:
2493:
2361:
2356:
1833:
1666:
1314:
984:
941:
780:
760:
756:
710:) and that the first bytes of the keystream are discarded.
365:
130:
745:
then be designed and used in less stringent environments.
282:
machine as used by the German military during World War II
217:
2381:
1512:
752:
695:
552:
292:
176:
953:
632:. That should be true for all keys (there should be no
2878:
Cryptographically secure pseudorandom number generator
548:
555:
is one of the most widely used stream cipher designs.
2303:
318:
390:LFSRs in parallel, their outputs combined using an
49:. Unsourced material may be challenged and removed.
893:
370:Binary stream ciphers are often constructed using
2184:
377:
3087:
2289:RSA technical report on stream cipher operation.
2204:P. Prasithsangaree and P. Krishnamurthy (2003).
2109:
456:
323:Another approach uses several of the previous
2709:
2327:
270:
2187:"A Differential Fault Attack on MICKEY 2.0"
150:where plaintext digits are combined with a
2716:
2702:
2334:
2320:
2037:
1589:a 64-bit nonce + a 64-bit stream position
694:Some applications using the stream cipher
2258:
2243:
2124:
869:Learn how and when to remove this message
109:Learn how and when to remove this message
547:
381:
366:Based on linear-feedback shift registers
274:
255:messages, the cipher is classified as a
120:
2170:CS1 maint: location missing publisher (
2040:The Official (ISC)2 CISSP CBK Reference
683:can be used to generate a keystream in
218:Loose inspiration from the one-time pad
3088:
933:
925:
920:
563:) with a single cycle on n-bit words.
175:. In practice, a digit is typically a
2697:
2315:
1069:
2113:Advances in Cryptology β CRYPTO 2005
1754:
1726:
1670:
1562:
1440:
1374:
1290:
1206:
1178:
1118:
1088:
851:adding citations to reliable sources
822:
702:(such as generated by a well-seeded
565:
507:
420:
47:adding citations to reliable sources
18:
1588:
496:
137:
13:
2341:
2244:Beth, Thomas; Piper, Fred (1985).
1865:
1860:
1595:Probabilistic neutral bits method
1299:
1097:
299:operation (XOR). This is termed a
179:and the combining operation is an
14:
3112:
2282:
2253:. EUROCRYPT '84. pp. 88β92.
2018:Nonlinear-feedback shift register
1984:documents sometimes use the term
1377:
1306:Differential Fault Attack (2013)
1129:
329:self-synchronizing stream ciphers
319:Self-synchronizing stream ciphers
3066:
3065:
2723:
2270:from the original on 2019-03-29.
1876:
1873:
1506:
1503:
1430:
1427:
1333:
1269:
1078:
1075:
827:
733:. Block ciphers must be used in
569:
543:
511:
424:
394:-input binary Boolean function (
23:
1278:weak-internal-state-derivation
838:needs additional citations for
616:, and it must be impossible to
410:. Various properties of such a
372:linear-feedback shift registers
34:needs additional citations for
2927:Information-theoretic security
2197:
2178:
2103:
2070:
2056:
2031:
2012:Linear-feedback shift register
1032:Brute force for frame lengths
378:Non-linear combining functions
1:
2230:
1990:pseudorandom number generator
818:
301:binary additive stream cipher
226:(OTP). A one-time pad uses a
2626:block ciphers in stream mode
2079:"Dismantling MIFARE Classic"
638:), even if the attacker can
259:stream cipher. By contrast,
158:). In a stream cipher, each
16:Type of symmetric key cipher
7:
3043:Message authentication code
2998:Cryptographic hash function
2801:Cryptographic hash function
2000:
708:cryptographic hash function
601:
457:Clock-controlled generators
333:asynchronous stream ciphers
10:
3117:
2922:Harvest now, decrypt later
2610:alternating step generator
2274:Christof Paar, Jan Pelzl,
739:residual block termination
605:
478:alternating step generator
467:alternating step generator
271:Synchronous stream ciphers
3061:
3038:Post-quantum cryptography
2990:
2731:
2693:
2659:
2618:
2592:
2461:
2431:
2400:
2390:
2349:
2311:
2307:
2247:The Stop and Go Generator
2191:Cryptology ePrint Archive
1974:
1937:
1934:
1925:
1920:
1915:
905:
902:
888:
883:
288:synchronous stream cipher
3101:Cryptographic primitives
3028:Quantum key distribution
3018:Authenticated encryption
2873:Random number generation
2605:self-shrinking generator
2024:
1986:combiner-type algorithms
1982:National Security Agency
716:
618:recover the cipher's key
246:
3023:Public-key cryptography
3013:Symmetric-key algorithm
2806:Key derivation function
2766:Cryptographic primitive
2759:Authentication protocol
2744:Outline of cryptography
2739:History of cryptography
2260:10.1007/3-540-39757-4_9
1362:Hash collisions (2001)
1038:Correlation attack for
386:One approach is to use
2811:Secure Hash Algorithms
2754:Cryptographic protocol
1627:64-bit round function
1621:128 + a 128-bit nonce
1598:2 for 8 rounds (2007)
1165:Known-plaintext attack
556:
399:
283:
134:
2917:End-to-end encryption
2863:Cryptojacking malware
2677:stream cipher attacks
1954:Initialization vector
974:timeβmemory tradeoff
922:Initialization vector
608:Stream cipher attacks
551:
463:stop-and-go generator
408:combination generator
385:
278:
267:or autoclave cipher.
212:stream cipher attacks
154:cipher digit stream (
125:The operation of the
124:
3033:Quantum cryptography
2957:Trusted timestamping
2672:correlation immunity
1400:Differential (2006)
847:improve this article
630:cryptographic nonces
43:improve this article
2786:Cryptographic nonce
2600:shrinking generator
2350:Widely used ciphers
2091:on 23 February 2021
2066:. 23 February 2015.
1300:Variable (0 to 80)
977:~ 2 seconds OR
735:ciphertext stealing
490:shrinking generator
471:shrinking generator
416:correlation attacks
2902:Subliminal channel
2886:Pseudorandom noise
2828:Key (cryptography)
2667:correlation attack
2135:10.1007/11535218_7
1788:Brute force attack
1449:(usually 40β256?)
1276:(2006) First-round
1104:Active KPA (2008)
581:. You can help by
557:
523:. You can help by
503:filtering function
436:. You can help by
412:combining function
400:
351:plaintext digits.
337:ciphertext autokey
284:
261:self-synchronising
208:modes of operation
135:
3083:
3082:
3079:
3078:
2962:Key-based routing
2952:Trapdoor function
2818:Digital signature
2689:
2688:
2685:
2684:
2457:
2456:
2144:978-3-540-28114-6
2049:978-1-119-78999-4
1972:
1971:
1868:(usually 80β256)
1863:(usually 80β256)
1531:(usually 40β256)
1267:(usually 40β256)
1013:Achterbahn-128/80
1007:4.6 milliseconds
879:
878:
871:
725:connection. If a
599:
598:
541:
540:
454:
453:
236:Claude E. Shannon
200:cryptographic key
119:
118:
111:
93:
3108:
3069:
3068:
2897:Insecure channel
2749:Classical cipher
2718:
2711:
2704:
2695:
2694:
2398:
2397:
2336:
2329:
2322:
2313:
2312:
2309:
2308:
2305:
2304:
2276:"Stream Ciphers"
2271:
2269:
2262:
2252:
2224:
2223:
2221:
2215:. Archived from
2210:
2201:
2195:
2194:
2182:
2176:
2175:
2168:
2162:
2158:
2156:
2148:
2128:
2118:
2107:
2101:
2100:
2098:
2096:
2090:
2083:
2074:
2068:
2067:
2060:
2054:
2053:
2035:
1388:256 + a 128-bit
1051: β€ 2.
1036: β€ 2.
881:
880:
874:
867:
863:
860:
854:
831:
823:
594:
591:
573:
566:
536:
533:
515:
508:
497:Filter generator
449:
446:
428:
421:
404:Boolean function
280:Lorenz SZ cipher
139:
114:
107:
103:
100:
94:
92:
51:
27:
19:
3116:
3115:
3111:
3110:
3109:
3107:
3106:
3105:
3086:
3085:
3084:
3075:
3057:
2986:
2727:
2722:
2681:
2655:
2614:
2588:
2453:
2427:
2386:
2345:
2340:
2285:
2267:
2250:
2233:
2228:
2227:
2219:
2208:
2202:
2198:
2183:
2179:
2169:
2160:
2159:
2150:
2149:
2145:
2126:10.1.1.323.9416
2116:
2108:
2104:
2094:
2092:
2088:
2081:
2075:
2071:
2062:
2061:
2057:
2050:
2036:
2032:
2027:
2003:
1977:
1967:
1959:
1944:
1930:cycles per byte
1927:
1922:
1917:
1867:
1862:
1856:
1850:
1846:
1811:
1773:
1767:
1763:
1616:
1581:
1575:
1571:
1530:
1525:
1490:
1482:
1448:
1383:
1281:4.67Γ10 (2001)
1277:
1266:
1260:
1254:
1250:
1215:
1194:Key derivation
1126:
1108:
978:
970:
935:
927:
912:
898:cycles per byte
895:
890:
885:
875:
864:
858:
855:
844:
832:
821:
719:
685:output feedback
659:certificational
610:
604:
595:
589:
586:
579:needs expansion
546:
537:
531:
528:
521:needs expansion
499:
459:
450:
444:
441:
434:needs expansion
380:
368:
356:cipher feedback
321:
273:
249:
220:
192:shift registers
115:
104:
98:
95:
58:"Stream cipher"
52:
50:
40:
28:
17:
12:
11:
5:
3114:
3104:
3103:
3098:
3096:Stream ciphers
3081:
3080:
3077:
3076:
3074:
3073:
3062:
3059:
3058:
3056:
3055:
3050:
3048:Random numbers
3045:
3040:
3035:
3030:
3025:
3020:
3015:
3010:
3005:
3000:
2994:
2992:
2988:
2987:
2985:
2984:
2979:
2974:
2972:Garlic routing
2969:
2964:
2959:
2954:
2949:
2944:
2939:
2934:
2929:
2924:
2919:
2914:
2909:
2904:
2899:
2894:
2892:Secure channel
2889:
2883:
2882:
2881:
2870:
2865:
2860:
2855:
2850:
2848:Key stretching
2845:
2840:
2835:
2830:
2825:
2820:
2815:
2814:
2813:
2808:
2803:
2793:
2791:Cryptovirology
2788:
2783:
2778:
2776:Cryptocurrency
2773:
2768:
2763:
2762:
2761:
2751:
2746:
2741:
2735:
2733:
2729:
2728:
2721:
2720:
2713:
2706:
2698:
2691:
2690:
2687:
2686:
2683:
2682:
2680:
2679:
2674:
2669:
2663:
2661:
2657:
2656:
2654:
2653:
2648:
2643:
2638:
2633:
2631:shift register
2628:
2622:
2620:
2616:
2615:
2613:
2612:
2607:
2602:
2596:
2594:
2590:
2589:
2587:
2586:
2581:
2576:
2571:
2566:
2561:
2556:
2551:
2546:
2541:
2536:
2531:
2526:
2521:
2516:
2511:
2506:
2501:
2496:
2491:
2486:
2481:
2476:
2471:
2465:
2463:
2459:
2458:
2455:
2454:
2452:
2451:
2446:
2441:
2435:
2433:
2429:
2428:
2426:
2425:
2420:
2415:
2410:
2404:
2402:
2395:
2388:
2387:
2385:
2384:
2379:
2374:
2369:
2364:
2359:
2353:
2351:
2347:
2346:
2343:Stream ciphers
2339:
2338:
2331:
2324:
2316:
2302:
2301:
2296:
2291:
2284:
2283:External links
2281:
2280:
2279:
2272:
2241:
2232:
2229:
2226:
2225:
2222:on 2013-12-03.
2196:
2177:
2161:|journal=
2143:
2102:
2069:
2055:
2048:
2029:
2028:
2026:
2023:
2022:
2021:
2015:
2009:
2002:
1999:
1998:
1997:
1992:(PRNG) with a
1980:United States
1976:
1973:
1970:
1969:
1964:
1961:
1956:
1951:
1940:
1939:
1936:
1933:
1924:
1919:
1913:
1912:
1909:
1900:
1897:
1894:
1891:
1888:
1885:
1879:
1878:
1875:
1872:
1869:
1864:
1859:
1854:
1844:
1839:
1836:
1830:
1829:
1826:
1823:
1820:
1817:
1814:
1809:
1804:
1801:
1795:
1794:
1791:
1785:
1782:
1779:
1776:
1771:
1761:
1756:
1753:
1747:
1746:
1743:
1740:
1737:
1734:
1731:
1728:
1725:
1719:
1718:
1715:
1714:Message forge
1712:
1709:
1706:
1703:
1700:
1697:
1691:
1690:
1687:
1684:
1681:
1678:
1675:
1672:
1669:
1663:
1662:
1659:
1656:
1653:
1650:
1647:
1644:
1641:
1635:
1634:
1631:
1628:
1625:
1622:
1619:
1614:
1609:
1606:
1600:
1599:
1596:
1593:
1590:
1587:
1584:
1579:
1569:
1564:
1561:
1555:
1554:
1551:
1545:key-derivation
1543:initial-bytes
1538:
1535:
1532:
1527:
1523:
1518:
1515:
1509:
1508:
1505:
1502:
1499:
1496:
1493:
1488:
1480:
1475:
1472:
1466:
1465:
1462:
1461:theory (2006)
1456:
1453:
1450:
1445:
1442:
1439:
1433:
1432:
1429:
1426:
1423:
1420:
1417:
1414:
1411:
1405:
1404:
1401:
1398:
1395:
1392:
1386:
1381:
1376:
1373:
1367:
1366:
1363:
1360:
1357:
1354:
1351:
1348:
1345:
1339:
1338:
1335:
1332:
1329:
1326:
1323:
1320:
1317:
1311:
1310:
1307:
1304:
1301:
1298:
1295:
1292:
1289:
1283:
1282:
1279:
1274:
1271:
1268:
1263:
1258:
1248:
1243:
1240:
1234:
1233:
1230:
1227:
1224:
1221:
1218:
1213:
1208:
1205:
1199:
1198:
1195:
1192:
1189:
1186:
1183:
1180:
1177:
1171:
1170:
1167:
1162:
1159:
1156:
1153:
1150:
1147:
1141:
1140:
1137:
1134:
1131:
1128:
1127:(usually 128)
1123:
1120:
1117:
1111:
1110:
1105:
1102:
1099:
1096:
1093:
1090:
1087:
1081:
1080:
1077:
1074:
1071:
1068:
1065:
1062:
1059:
1053:
1052:
1047:2 resp. 2 for
1045:
1042: β₯ 2
1030:
1027:
1024:
1021:
1018:
1015:
1009:
1008:
1005:
1002:
999:
996:
993:
990:
987:
981:
980:
975:
963:
960:
957:
950:
947:
944:
938:
937:
932:
929:
924:
919:
908:
907:
904:
901:
892:
887:
877:
876:
835:
833:
826:
820:
817:
718:
715:
606:Main article:
603:
600:
597:
596:
576:
574:
545:
542:
539:
538:
518:
516:
498:
495:
458:
455:
452:
451:
431:
429:
379:
376:
367:
364:
320:
317:
313:active attacks
272:
269:
265:autokey cipher
248:
245:
230:of completely
219:
216:
198:serves as the
190:using digital
117:
116:
31:
29:
22:
15:
9:
6:
4:
3:
2:
3113:
3102:
3099:
3097:
3094:
3093:
3091:
3072:
3064:
3063:
3060:
3054:
3053:Steganography
3051:
3049:
3046:
3044:
3041:
3039:
3036:
3034:
3031:
3029:
3026:
3024:
3021:
3019:
3016:
3014:
3011:
3009:
3008:Stream cipher
3006:
3004:
3001:
2999:
2996:
2995:
2993:
2989:
2983:
2980:
2978:
2975:
2973:
2970:
2968:
2967:Onion routing
2965:
2963:
2960:
2958:
2955:
2953:
2950:
2948:
2947:Shared secret
2945:
2943:
2940:
2938:
2935:
2933:
2930:
2928:
2925:
2923:
2920:
2918:
2915:
2913:
2910:
2908:
2905:
2903:
2900:
2898:
2895:
2893:
2890:
2887:
2884:
2879:
2876:
2875:
2874:
2871:
2869:
2866:
2864:
2861:
2859:
2856:
2854:
2851:
2849:
2846:
2844:
2841:
2839:
2838:Key generator
2836:
2834:
2831:
2829:
2826:
2824:
2821:
2819:
2816:
2812:
2809:
2807:
2804:
2802:
2799:
2798:
2797:
2796:Hash function
2794:
2792:
2789:
2787:
2784:
2782:
2779:
2777:
2774:
2772:
2771:Cryptanalysis
2769:
2767:
2764:
2760:
2757:
2756:
2755:
2752:
2750:
2747:
2745:
2742:
2740:
2737:
2736:
2734:
2730:
2726:
2719:
2714:
2712:
2707:
2705:
2700:
2699:
2696:
2692:
2678:
2675:
2673:
2670:
2668:
2665:
2664:
2662:
2658:
2652:
2649:
2647:
2644:
2642:
2639:
2637:
2634:
2632:
2629:
2627:
2624:
2623:
2621:
2617:
2611:
2608:
2606:
2603:
2601:
2598:
2597:
2595:
2591:
2585:
2582:
2580:
2577:
2575:
2572:
2570:
2567:
2565:
2562:
2560:
2557:
2555:
2552:
2550:
2547:
2545:
2542:
2540:
2537:
2535:
2532:
2530:
2527:
2525:
2522:
2520:
2517:
2515:
2512:
2510:
2507:
2505:
2502:
2500:
2497:
2495:
2492:
2490:
2487:
2485:
2482:
2480:
2477:
2475:
2472:
2470:
2467:
2466:
2464:
2462:Other ciphers
2460:
2450:
2447:
2445:
2442:
2440:
2437:
2436:
2434:
2430:
2424:
2421:
2419:
2416:
2414:
2411:
2409:
2406:
2405:
2403:
2399:
2396:
2393:
2389:
2383:
2380:
2378:
2375:
2373:
2370:
2368:
2365:
2363:
2360:
2358:
2355:
2354:
2352:
2348:
2344:
2337:
2332:
2330:
2325:
2323:
2318:
2317:
2314:
2310:
2306:
2300:
2297:
2295:
2292:
2290:
2287:
2286:
2277:
2273:
2266:
2261:
2256:
2249:
2248:
2242:
2239:
2235:
2234:
2218:
2214:
2213:IEEE Globecom
2207:
2200:
2192:
2188:
2181:
2173:
2166:
2154:
2146:
2140:
2136:
2132:
2127:
2122:
2115:
2114:
2106:
2087:
2080:
2073:
2065:
2059:
2051:
2045:
2041:
2034:
2030:
2019:
2016:
2013:
2010:
2008:
2005:
2004:
1995:
1991:
1987:
1983:
1979:
1978:
1966:Computational
1965:
1962:
1957:
1955:
1952:
1950:
1947:
1942:
1941:
1931:
1914:
1910:
1908:
1904:
1901:
1898:
1895:
1892:
1889:
1886:
1884:
1881:
1880:
1870:
1858:
1848:
1840:
1837:
1835:
1832:
1831:
1827:
1824:
1821:
1818:
1815:
1813:
1805:
1802:
1800:
1797:
1796:
1792:
1789:
1786:
1783:
1780:
1777:
1775:
1765:
1757:
1752:
1749:
1748:
1744:
1741:
1738:
1735:
1732:
1729:
1724:
1721:
1720:
1716:
1713:
1710:
1707:
1704:
1701:
1698:
1696:
1693:
1692:
1688:
1685:
1682:
1679:
1676:
1673:
1668:
1665:
1664:
1660:
1657:
1654:
1651:
1648:
1645:
1642:
1640:
1637:
1636:
1632:
1629:
1626:
1623:
1620:
1618:
1610:
1607:
1605:
1602:
1601:
1597:
1594:
1591:
1585:
1583:
1573:
1565:
1560:
1557:
1556:
1552:
1550:
1546:
1542:
1539:
1536:
1533:
1528:
1526:
1519:
1516:
1514:
1511:
1510:
1500:
1497:
1494:
1492:
1484:
1476:
1473:
1471:
1468:
1467:
1463:
1460:
1459:Cryptanalytic
1457:
1454:
1451:
1446:
1443:
1438:
1435:
1434:
1424:
1421:
1418:
1415:
1412:
1410:
1407:
1406:
1402:
1399:
1396:
1393:
1391:
1387:
1385:
1372:
1369:
1368:
1364:
1361:
1358:
1355:
1352:
1349:
1346:
1344:
1341:
1340:
1336:
1330:
1327:
1324:
1321:
1318:
1316:
1313:
1312:
1308:
1305:
1302:
1296:
1293:
1288:
1285:
1284:
1280:
1275:
1272:
1264:
1262:
1252:
1244:
1241:
1239:
1236:
1235:
1231:
1228:
1225:
1222:
1219:
1217:
1209:
1204:
1201:
1200:
1196:
1193:
1190:
1187:
1184:
1181:
1176:
1173:
1172:
1168:
1166:
1163:
1160:
1157:
1154:
1151:
1148:
1146:
1143:
1142:
1138:
1135:
1132:
1124:
1121:
1116:
1113:
1112:
1106:
1103:
1100:
1094:
1091:
1086:
1083:
1082:
1072:
1066:
1063:
1060:
1058:
1055:
1054:
1050:
1046:
1043:
1041:
1035:
1031:
1028:
1025:
1022:
1020:1 (hardware)
1019:
1016:
1014:
1011:
1010:
1006:
1003:
1000:
997:
994:
991:
988:
986:
983:
982:
976:
973:
968:
964:
961:
958:
955:
952:54 or 64 (in
951:
948:
945:
943:
940:
939:
934:Computational
930:
923:
918:
915:
910:
909:
899:
882:
873:
870:
862:
852:
848:
842:
841:
836:This section
834:
830:
825:
824:
816:
814:
810:
806:
802:
798:
794:
790:
786:
782:
778:
774:
770:
766:
762:
758:
754:
750:
746:
742:
740:
736:
732:
728:
724:
714:
711:
709:
705:
701:
697:
692:
690:
686:
682:
677:
675:
671:
667:
662:
660:
655:
653:
649:
645:
641:
637:
636:
631:
627:
623:
619:
615:
609:
593:
584:
580:
577:This section
575:
572:
568:
567:
564:
562:
554:
550:
544:Other designs
535:
526:
522:
519:This section
517:
514:
510:
509:
506:
504:
494:
491:
486:
482:
479:
474:
472:
468:
464:
448:
439:
435:
432:This section
430:
427:
423:
422:
419:
417:
413:
409:
405:
397:
393:
389:
384:
375:
373:
363:
361:
357:
352:
350:
346:
342:
338:
334:
330:
326:
316:
314:
308:
304:
302:
298:
294:
289:
281:
277:
268:
266:
262:
258:
254:
244:
240:
237:
233:
229:
225:
215:
213:
209:
205:
204:block ciphers
201:
197:
193:
189:
184:
182:
178:
174:
173:
168:
164:
161:
157:
153:
149:
146:
145:symmetric key
142:
141:stream cipher
132:
129:generator in
128:
123:
113:
110:
102:
91:
88:
84:
81:
77:
74:
70:
67:
63:
60: β
59:
55:
54:Find sources:
48:
44:
38:
37:
32:This article
30:
26:
21:
20:
3007:
3003:Block cipher
2843:Key schedule
2833:Key exchange
2823:Kleptography
2781:Cryptosystem
2725:Cryptography
2342:
2246:
2217:the original
2212:
2199:
2190:
2180:
2112:
2105:
2093:. Retrieved
2086:the original
2072:
2058:
2039:
2033:
1985:
1070:up to 19968
1048:
1039:
1033:
865:
856:
845:Please help
840:verification
837:
747:
743:
727:block cipher
720:
712:
693:
678:
673:
670:authenticity
669:
663:
658:
656:
651:
647:
643:
639:
633:
626:related keys
625:
621:
617:
611:
587:
583:adding to it
578:
558:
529:
525:adding to it
520:
502:
500:
487:
483:
475:
460:
442:
438:adding to it
433:
411:
407:
401:
395:
391:
387:
369:
353:
348:
344:
340:
336:
332:
328:
324:
322:
309:
305:
300:
297:exclusive or
287:
285:
260:
256:
250:
241:
224:one-time pad
221:
185:
181:exclusive-or
172:state cipher
171:
170:
152:pseudorandom
140:
136:
105:
99:October 2021
96:
86:
79:
72:
65:
53:
41:Please help
36:verification
33:
2991:Mathematics
2982:Mix network
1968:complexity
1963:Best known
1911:Vulnerable
1677:128 or 256
1136:KPA (2005)
1115:E0 (cipher)
959:22 (in 2G)
936:complexity
931:Best known
628:or related
622:distinguish
561:T-functions
257:synchronous
3090:Categories
2942:Ciphertext
2912:Decryption
2907:Encryption
2868:Ransomware
2646:T-function
2593:Generators
2469:Achterbahn
2231:References
1803:2000β2003
1705:up to 128
1319:1998β2002
819:Comparison
652:ciphertext
406:to form a
253:ciphertext
196:seed value
188:seed value
167:ciphertext
69:newspapers
2932:Plaintext
2559:SOBER-128
2489:KCipher-2
2423:SOSEMANUK
2394:Portfolio
2163:ignored (
2153:cite book
2121:CiteSeerX
1994:plaintext
1943:Effective
1877:β (2006)
1874:β (2006)
1755:Pre-2004
1727:Pre-2004
1723:SOSEMANUK
1695:SOBER-128
1671:Pre-2003
1563:Pre-2004
1507:β (2006)
1504:β (2006)
1474:2003-Feb
1441:Pre-2004
1431:β (2004)
1428:β (2004)
1419:Variable
1375:Pre-2004
1337:~ 2
1334:β (2002)
1309:2 (2013)
1291:Pre-2004
1207:Pre-2004
1179:Pre-2004
1155:Variable
1139:2 (2005)
1119:Pre-1999
1109:2 (2008)
1089:Pre-1994
1079:β (2008)
1076:β (2008)
1067:Variable
911:Effective
859:July 2014
809:SOBER-128
765:Chameleon
700:unrelated
689:megabytes
648:plaintext
635:weak keys
590:June 2008
532:June 2008
445:June 2008
228:keystream
160:plaintext
156:keystream
127:keystream
3071:Category
2977:Kademlia
2937:Codetext
2880:(CSPRNG)
2858:Machines
2432:Hardware
2401:Software
2372:Crypto-1
2265:Archived
2001:See also
1958:Internal
1921:Creation
1871:256β800
1866:Variable
1861:Variable
1378:up to 8
1125:Variable
1107:40 ms OR
1085:Crypto-1
1029:297/351
926:Internal
889:Creation
723:wireless
602:Security
469:and the
2732:General
2660:Attacks
2449:Trivium
2418:Salsa20
2392:eSTREAM
2095:25 June
2020:(NLFSR)
2007:eSTREAM
1996:stream.
1938:Attack
1935:(bits)
1918:cipher
1790:(2006)
1751:Trivium
1559:Salsa20
1553:2 OR 2
1447:8β2048?
1255:4.6875
1057:CryptMT
1026:80/128
1023:80/128
1004:Active
965:Active
906:Attack
903:(bits)
886:cipher
797:Salsa20
731:padding
674:privacy
183:(XOR).
83:scholar
2853:Keygen
2619:Theory
2569:Turing
2564:Spritz
2539:Scream
2509:Phelix
2504:Panama
2474:F-FCSR
2444:MICKEY
2413:Rabbit
2408:HC-128
2367:ChaCha
2141:
2123:
2046:
2014:(LFSR)
1975:Trivia
1960:state
1949:length
1916:Stream
1905:&
1799:Turing
1604:Scream
1576:11.84
1541:Shamir
1529:8β2048
1470:Rabbit
1371:Phelix
1359:1216?
1343:PANAMA
1287:MICKEY
1265:8β8288
1259:32-bit
1249:64-bit
1245:2.375
1226:65536
1203:HC-256
1073:19968
928:state
917:length
884:Stream
811:, and
789:Phelix
785:Panama
749:ChaCha
704:CSPRNG
644:choose
614:period
465:, the
358:(CFB)
232:random
194:. The
148:cipher
85:
78:
71:
64:
56:
2888:(PRN)
2641:NLFSR
2554:SOBER
2484:ISAAC
2439:Grain
2268:(PDF)
2251:(PDF)
2238:(PDF)
2220:(PDF)
2209:(PDF)
2117:(PDF)
2089:(PDF)
2082:(PDF)
2025:Notes
1926:Speed
1923:date
1899:8192
1887:1993
1838:2005
1699:2003
1643:1997
1608:2002
1566:4.24
1537:2064
1517:1987
1485:β 9.7
1455:8320
1413:1994
1394:128?
1390:nonce
1356:128?
1347:1998
1331:1216
1273:8288
1242:1996
1238:ISAAC
1175:Grain
1149:1993
1061:2005
1017:2006
989:1989
946:1989
894:Speed
891:date
805:SOBER
777:ISAAC
773:Helix
717:Usage
706:or a
666:nonce
646:some
286:In a
247:Types
163:digit
143:is a
90:JSTOR
76:books
2636:LFSR
2584:WAKE
2579:VMPC
2574:VEST
2549:SNOW
2544:SEAL
2534:RC4A
2529:RC4+
2524:QUAD
2514:Pike
2499:ORYX
2494:MUGI
2479:FISH
2362:A5/2
2357:A5/1
2172:link
2165:help
2139:ISBN
2097:2022
2044:ISBN
1946:key-
1883:WAKE
1855:FPGA
1845:ASIC
1834:VEST
1819:160
1806:5.5
1784:288
1736:128
1733:128
1667:SNOW
1652:32?
1639:SEAL
1624:32?
1615:soft
1611:4β5
1592:512
1586:256
1501:512
1495:128
1489:ARM7
1444:2.6
1409:Pike
1353:256
1328:128
1325:128
1315:MUGI
1303:200
1223:256
1220:256
1191:160
1145:FISH
1133:132
1001:64?
998:114
985:A5/2
942:A5/1
914:key-
813:WAKE
801:SEAL
793:Pike
781:MUGI
769:FISH
761:A5/2
757:A5/1
672:but
640:know
488:The
360:mode
341:CTAK
293:bits
131:A5/1
62:news
2382:RC4
2255:doi
2131:doi
1907:CCA
1903:CPA
1851:64
1841:42
1810:x86
1781:80
1778:80
1762:x86
1680:32
1549:KPA
1547:OR
1513:RC4
1498:64
1477:3.7
1452:64
1382:x86
1297:80
1188:64
1185:80
1101:48
1098:16
1095:48
995:54
972:KPA
967:KPA
962:64
849:by
803:,
791:,
779:,
771:,
767:,
753:RC4
737:or
696:RC4
681:DES
650:or
642:or
585:.
553:RC4
527:.
476:An
440:.
418:.
335:or
177:bit
45:by
3092::
2651:IV
2519:Py
2377:E0
2263:.
2211:.
2189:.
2157::
2155:}}
2151:{{
2137:.
2129:.
1932:)
1896:?
1893:?
1890:?
1853:(W
1843:(W
1828:?
1825:?
1822:?
1816:?
1808:(W
1793:2
1772:LG
1770:(W
1768:8
1760:(W
1758:4
1745:?
1742:?
1739:?
1730:?
1717:2
1711:?
1708:?
1702:?
1689:?
1686:?
1683:?
1674:?
1661:?
1658:?
1655:?
1649:?
1646:?
1633:?
1630:?
1613:(W
1580:P4
1578:(W
1570:G4
1568:(W
1524:P5
1520:7
1487:(W
1481:P3
1479:(W
1464:2
1437:Py
1425:?
1422:?
1416:?
1403:2
1397:?
1380:(W
1365:2
1350:2
1322:?
1294:?
1270:β
1257:(W
1247:(W
1232:?
1229:?
1214:P4
1212:(W
1210:4
1197:2
1182:?
1169:2
1161:?
1158:?
1152:?
1130:4
1122:?
1092:?
1064:?
1044:.
992:?
979:2
969:OR
956:)
954:2G
949:?
900:)
815:.
807:,
799:,
795:,
787:,
783:,
775:,
763:,
759:,
755:,
654:.
505:.
473:.
398:).
362:.
331:,
303:.
2717:e
2710:t
2703:v
2335:e
2328:t
2321:v
2257::
2240:.
2193:.
2174:)
2167:)
2147:.
2133::
2099:.
2052:.
1928:(
1857:)
1849:β
1847:)
1812:)
1774:)
1766:β
1764:)
1617:)
1582:)
1574:β
1572:)
1522:W
1491:)
1483:)
1384:)
1261:)
1253:β
1251:)
1216:)
1049:L
1040:L
1034:L
896:(
872:)
866:(
861:)
857:(
843:.
592:)
588:(
534:)
530:(
447:)
443:(
396:F
392:n
388:n
349:N
345:N
339:(
325:N
291:(
138:A
112:)
106:(
101:)
97:(
87:Β·
80:Β·
73:Β·
66:Β·
39:.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.