Stream Ciphers, a Perspective

Abstract

Synchronous stream ciphers are commonly used in applications with high throughput requirements or on hardware devices with restricted resources. Well known stream ciphers are A5/1, used in GSM, RC4, used in SSL, or E0 as specified in Bluetooth, but also some block cipher modes of operation. A review of the development of stream ciphers is given which starts with classical designs and is directed to modern dedicated stream ciphers as in the European NoE eSTREAM project. The history of stream ciphers is rich in new proposals followed by devastating breaks, e.g., by statistical or algebraic attacks. Differential cryptanalysis is probably the most popular tool for chosen plaintext attacks on block ciphers. It also applies to the initialization step in stream ciphers, but here, high order differential attacks are shown to be surprisingly successful, namely on constructions based on linear and nonlinear feedback shift registers. The process of designing and cryptanalyzing stream ciphers has not only resulted in a number of building blocks for stream ciphers: Similar components turn out to be useful as well in the design of lightweight block ciphers, hash functions and in algorithms for authenticated encryption.