Self-Synchronizing Stream Ciphers
A self-synchronizing or asynchronous stream cipher is one in which the keystream is generated as a function of the key and a fixed number of previous ciphertext digits. The encryption function of a self-synchronizing stream cipher can be described by the equations
$$\sigma_i = (c_{i-t}, c_{i-t+1}, \ldots, c_{i-1}),$$
$$z_i = g(\sigma_i, k),$$
$$c_i = h(z_i, m_i),$$
where $\sigma_0 = (c_{-t}, c_{-t+1}, \ldots, c_{-1})$ is the (non-secret) initial state, $k$ is the key, $g$ is the function which produces the keystream $z_i$, and $h$ is the output function which combines the keystream and plaintext $m_i$ to produce ciphertext $c_i$. The most common presently-used self-synchronizing stream ciphers are based on block ciphers in 1-bit cipher feedback mode.
(i) Self-Synchronization. Self-synchronization is possible if ciphertext digits are deleted or inserted, because the decryption mapping depends only on a fixed number of preceding ciphertext characters. Such ciphers are capable of re-establishing proper decryption automatically after loss of synchronization, with only a fixed number of plaintext characters unrecoverable.
(ii) Limited Error Propagation. Suppose that the state of a self-synchronizing stream cipher depends on t previous ciphertext digits. If a single ciphertext digit is modified (or even deleted or inserted) during transmission, then decryption of up to t subsequent ciphertext digits may be incorrect, after which correct decryption resumes.
(iii) Active Attacks. Property (ii) implies that any modification of ciphertext digits by an active adversary causes several other ciphertext digits to be decrypted incorrectly, thereby improving (compared to synchronous stream ciphers) the likelihood of being detected by the decryptor. As a consequence of property (i), it is more difficult (than for synchronous stream ciphers) to detect insertion, deletion, or replay of ciphertext digits by an active adversary. This illustrates that additional mechanisms must be employed in order to provide data origin authentication and data integrity guarantees.
(iv) Diffusion of Plaintext Statistics. Since each plaintext digit influences the entire following ciphertext, the statistical properties of the plaintext are dispersed through the ciphertext. Hence, self-synchronizing stream ciphers may be more resistant than synchronous stream ciphers against attacks based on plaintext redundancy.
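
Properties (i) and (ii) can be observed directly with a small model of the equations above. This is an added example, not code from the original text: it assumes byte-sized digits, t = 8, XOR as h, and HMAC-SHA256 truncated to one byte as a stand-in for g (not the 1-bit CFB construction mentioned above); all names and sample values are constructed for illustration.

```python
import hashlib
import hmac

T = 8  # t: how many previous ciphertext digits (bytes here) form the state

def g(state: bytes, key: bytes) -> int:
    # z_i = g(sigma_i, k). HMAC-SHA256 truncated to one byte is an assumed
    # stand-in for the keyed function, chosen so the demo needs no packages.
    return hmac.new(key, state, hashlib.sha256).digest()[0]

def encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    state, out = iv, bytearray()
    for m in plaintext:
        c = g(state, key) ^ m            # c_i = h(z_i, m_i) with h = XOR
        out.append(c)
        state = state[1:] + bytes([c])   # sigma slides over the ciphertext
    return bytes(out)

def decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    state, out = iv, bytearray()
    for c in ciphertext:
        out.append(g(state, key) ^ c)    # m_i = z_i XOR c_i
        state = state[1:] + bytes([c])   # state is rebuilt from received digits only
    return bytes(out)

def flip_digit(ct: bytes, pos: int) -> bytes:
    return ct[:pos] + bytes([ct[pos] ^ 0x01]) + ct[pos + 1:]

def delete_digit(ct: bytes, pos: int) -> bytes:
    return ct[:pos] + ct[pos + 1:]

# Constructed sample values.
KEY = b"demo key, not for real use"
IV = bytes(T)                            # non-secret initial state sigma_0
PLAINTEXT = b"self-synchronizing ciphers recover after channel errors"
POS = 10

if __name__ == "__main__":
    ct = encrypt(KEY, IV, PLAINTEXT)
    print(decrypt(KEY, IV, ct))
    print(decrypt(KEY, IV, flip_digit(ct, POS)))    # damage stays within POS..POS+T
    print(decrypt(KEY, IV, delete_digit(ct, POS)))  # realigns T digits after the gap
```

The deleted digit produces a short garbled run and then clean plaintext with no error signalled, which is the behaviour property (iii) points to when it calls for a separate integrity mechanism.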