Abstract
Many modern stream ciphers consist of a keystream generator and an initialisation function. In fielded systems, security of the keystream generator is often based on a large inner state rather than an inherently secure design. As a consequence, an increasing number of attacks on stream ciphers exploit the (re-)initialisation of large inner states by a weak initialisation function.
In this paper, we propose a strict separation of keystream generator and initialisation function in stream cipher design. After giving lower bounds on the necessary inner state size, we show how a secure stream cipher can be constructed from a weak keystream generator. We introduce the notion of inner state size efficiency and compare it for a number of fielded stream ciphers, indicating that a secure cipher can be based on reasonable inner state sizes. Concluding, we ask a number of open questions that may give rise to a new field of research that is concerned with the security of initialisation functions.
| Original language | English |
|---|---|
| Title of host publication | Proceedings WOSIS 2004 |
| Editors | Eduardo Fernández-Medina, Julio César Hernández Castro, Luis Javier García Villalba |
| Publisher | INSTICC Press |
| Publication date | 2004 |
| Pages | 237-250 |
| ISBN (Print) | 972-8865-07-4 |
| Publication status | Published - 2004 |
| Externally published | Yes |
| Event | International Workshop on Security in Information Systems - Porto, Portugal Duration: 1 Jan 2004 → … |
Conference
| Conference | International Workshop on Security in Information Systems |
|---|---|
| City | Porto, Portugal |
| Period | 01/01/2004 → … |
Cite this
Zenner, E. (2004). On the Role of the Inner State Size in Stream Ciphers. In E. Fernández-Medina, J. C. Hernández Castro, & L. J. García Villalba (Eds.), Proceedings WOSIS 2004 (pp. 237-250). INSTICC Press.