Abstract
Many modern stream ciphers consist of a keystream generator and an initialisation function. In fielded systems, security of the keystream generator is often based on a large inner state rather than an inherently secure design. As a consequence, an increasing number of attacks on stream ciphers exploit the (re-)initialisation of large inner states by a weak initialisation function.
In this paper, we propose a strict separation of keystream generator and initialisation function in stream cipher design. After giving lower bounds on the necessary inner state size, we show how a secure stream cipher can be constructed from a weak keystream generator. We introduce the notion of inner state size efficiency and compare it for a number of fielded stream ciphers, indicating that a secure cipher can be based on reasonable inner state sizes. Concluding, we ask a number of open questions that may give rise to a new field of research that is concerned with the security of initialisation functions.
Original language | English |
---|---|
Title of host publication | Proceedings WOSIS 2004 |
Editors | Eduardo Fernández-Medina, Julio César Hernández Castro, Luis Javier García Villalba |
Publisher | INSTICC Press |
Publication date | 2004 |
Pages | 237-250 |
ISBN (Print) | 972-8865-07-4 |
Publication status | Published - 2004 |
Externally published | Yes |
Event | International Workshop on Security in Information Systems - Porto, Portugal; Duration: 1 Jan 2004 → … |
Conference
Conference | International Workshop on Security in Information Systems |
---|---|
City | Porto, Portugal |
Period | 01/01/2004 → … |