Stream ciphers
Sep. 14th, 2001 11:16 am
I recently discovered Helger Lipmaa's excellent page on stream ciphers:
http://www.tcs.hut.fi/~helger/crypto/link/stream/index.html
and sent Helger an email correcting a small error (though I hadn't noticed the reference to "Paul McCrowley" until later!). His reply asked what stream cipher I had most confidence in. Here's what I said:
Interesting question!
If I was specifying a new application now, and encryption needed to be faster than any block cipher could manage, I would if I could use RC4 after discarding 1024 bytes of output. There are efficient distinguishers for RC4, but it has probably seen more cryptanalysis than all the other CPRNGs put together, and it's hard to think of circumstances where the RC4 distinguishers lead to a useful attack.
More modern designs are still faster and have clearer design principles. An attack on the PANAMA hash function was of course presented at FSE 2001, but I know of no attacks on the PANAMA stream cipher. If I felt that my requirements called either for strict non-distinguishability or greater speed, I think that PANAMA would be my next choice.
But overall there seems to be much more stream cipher cryptography than cryptanalysis, and we don't seem to have design principles to guide the design of stream ciphers as we do for block ciphers. One problem seems to be that stream ciphers have many fewer rounds (if they have the concept of rounds at all), so attacking reduced-round variants doesn't tell you very much. But it's this very property that makes them so fast... it would be very useful to have a stream cipher with more scalable security, so we can learn more about the limits of where cryptanalysis stops working.
I'm sort of hoping that the standardisation on AES reduces the "market" for new block ciphers, and so attention at FSE and suchlike turns to the design of other symmetric primitives, like stream ciphers and hash functions. Mainly because the stream cipher I really want doesn't exist yet.
Thanks for asking!
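The construction named in the reply above, RC4 with the first 1024 keystream bytes discarded, as an added example (not code from the original post or from Helger Lipmaa's page). The `zero_rate` helper and its 16-byte random keys are assumptions of this example; it measures how often the second emitted keystream byte is zero with and without the discard, the initial-output bias Mantin and Shamir reported at FSE 2001.

```python
import os
from itertools import islice


def rc4_keystream(key: bytes, drop: int = 0):
    """Yield RC4 keystream bytes for `key`, discarding the first `drop` bytes."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm: shuffle the 256-byte state under the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Output generation; the first `drop` bytes are computed but never emitted.
    i = j = generated = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        generated += 1
        if generated > drop:
            yield S[(S[i] + S[j]) & 0xFF]


def rc4_drop_xor(key: bytes, data: bytes, drop: int = 1024) -> bytes:
    """Encrypt or decrypt `data` (same operation) with RC4-drop[`drop`]."""
    ks = rc4_keystream(key, drop)
    return bytes(b ^ k for b, k in zip(data, ks))


def zero_rate(position: int, drop: int, trials: int) -> float:
    """Fraction of random 16-byte keys (assumed size) whose emitted keystream
    byte number `position` (1-based, counted after the discard) equals zero."""
    hits = 0
    for _ in range(trials):
        ks = rc4_keystream(os.urandom(16), drop)
        byte = next(islice(ks, position - 1, None))
        hits += byte == 0
    return hits / trials


if __name__ == "__main__":
    # An unbiased byte is zero with probability 1/256 (about 0.0039).
    print("no discard  :", zero_rate(2, 0, 5000))
    print("drop 1024   :", zero_rate(2, 1024, 5000))
```

The discard costs 1024 extra state updates per key setup, so it matters most when many short messages are each encrypted under a fresh key.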
no subject
Date: 2001-09-14 03:53 am (UTC)
Simon xxx
I get all my crypto knowledge from Neal Stephenson
(no subject)
From:whatever
Date: 2001-09-14 10:57 am (UTC)
I did not read your journal entry in its entirety. I am only posting to comment on the varied and gorgeous photos of yourself that are appearing on my 'friends' page. You really are very pretty.
I also feel some guilt as I have been describing Cindy as 'skinnier than Paul' (Cindy being the leggy blonde bitch who has moved into my house and who I have fallen for). Comparisons end there as I hear you are much better trained than she is. I got her to sit just now, but only for half a second and only because I had a treat for her in my hand. Then I got a text message and she tried to see if my phone was edible.
If I'm being cheeky by comparing you to her then let me know and I will stop.