Better to know some
... than all
Synchronous Stream Ciphers
A synchronous stream cipher is one in which the key stream is generated independently of the plaintext message and of the ciphertext. The encryption process of a synchronous stream cipher can be described by the equations
ði+1 = f(ði; k);
zi = g(ði; k);
ci = h(zi;mi);
where ð0 is the initial state and may be determined from the key k, f is the next-state function, g is the function which produces the keystream zi, and h is the output function which combines the keystream and plaintext mi to produce ciphertext ci. The OFB mode of a block cipher is an example of a synchronous stream cipher.
(i) Synchronization Requirements. In a synchronous stream cipher, both the sender and receiver must be synchronized - using the same key and operating at the same position (state) within that key - to allow for proper decryption. If synchronization is lost due to ciphertext digits being inserted or deleted during transmission, then decryption fails and can only be restored through additional techniques for re-synchronization. Techniques for re-synchronization include re-initialization, placing special markers at regular intervals in the ciphertext, or, if the plaintext contains enough redundancy, trying all possible keystream offsets.
(ii) No Error Propagation. A ciphertext digit that is modified (but not deleted) during transmission does not affect the decryption of other ciphertext digits.
(iii) Active Attacks. As a consequence of property
(a), the insertion, deletion, or replay of ciphertext digits by an active adversary causes immediate loss of synchronization, and hence might possibly be detected by the decryptor. As a consequence of property
(b), an active adversary might possibly be able to make changes to selected ciphertext digits, and know exactly what affect these changes have on the plaintext. This illustrates that additional mechanisms must be employed in order to provide data origin authentication and data integrity guarantees.
Most of the stream ciphers that have been proposed to date in the literature are additive stream ciphers, which are defined below.
Binary Additive Stream Cipher
A binary additive stream cipher is a synchronous stream cipher in which the keystream, plaintext, and ciphertext digits are binary digits, and the output function h is the XOR function.
Binary additive stream ciphers are depicted in Figure. Referring to Figure, the keystream generator is composed of the next-state function f and the function g and is also known as the running key generator.