RSA Laboratories

2.1.5 What is a stream cipher?

A stream cipher is a type of symmetric encryption algorithm. Stream ciphers can be designed to be exceptionally fast, much faster than any block cipher (see Question 2.1.4). While block ciphers operate on large blocks of data, stream ciphers typically operate on smaller units of plaintext, usually bits. The encryption of any particular plaintext with a block cipher will result in the same ciphertext when the same key is used. With a stream cipher, the transformation of these smaller plaintext units will vary, depending on when they are encountered during the encryption process.

A stream cipher generates what is called a keystream (a sequence of bits used as a key). Encryption is accomplished by combining the keystream with the plaintext, usually with the bitwise XOR operation. The generation of the keystream can be independent of the plaintext and ciphertext, yielding what is termed a synchronous stream cipher, or it can depend on the data and its encryption, in which case the stream cipher is said to be self-synchronizing. Most stream cipher designs are for synchronous stream ciphers.

One-time pads

Current interest in stream ciphers is most commonly attributed to the appealing theoretical properties of the one-time pad. A one-time pad, sometimes called the Vernam cipher [Ver26], uses a string of bits that is generated completely at random. The keystream is the same length as the plaintext message and the random string is combined using bitwise XOR with the plaintext to produce the ciphertext. Since the entire keystream is random, even an opponent with infinite computational resources can only guess the plaintext if he or she sees the ciphertext. Such a cipher is said to offer perfect secrecy, and the analysis of the one-time pad is seen as one of the cornerstones of modern cryptography [Sha49]. While the one-time pad saw use during wartime over diplomatic channels requiring exceptionally high security, the fact that the secret key (which can be used only once) is as long as the message introduces severe key management problems (see Section 4.1). While perfectly secure, the one-time pad is in general impractical.

Stream ciphers were developed as an approximation to the action of the one-time pad. While contemporary stream ciphers are unable to provide the satisfying theoretical security of the one-time pad, they are at least practical.

As of now there is no stream cipher that has emerged as a de facto standard. The most widely used stream cipher is RC4 (see Question 3.6.3). Interestingly, certain modes of operation of a block cipher effectively transform it into a keystream generator and in this way, any block cipher can be used as a stream cipher; as in DES in CFB or OFB modes (see Question 2.1.4 and Section 3.2). However, stream ciphers with a dedicated design are typically much faster.

More information about stream ciphers and the various available algorithms can be found in almost any book on contemporary cryptography and in RSA Laboratories Technical Report TR-701 [Rob95a].

Top of the page