[Resource Topic] 2004/003: On the Role of the Inner State Size in Stream Ciphers

Welcome to the resource topic for 2004/003

On the Role of the Inner State Size in Stream Ciphers

Authors: Erik Zenner


Many modern stream ciphers consist of a keystream generator and
a key schedule algorithm. In fielded systems, security of the
keystream generator is often based on a large inner state rather
than an inherently secure design. Note, however, that little theory
on the initialisation of large inner states exists, and many
practical designs are based on an ad-hoc approach. As a consequence,
an increasing number of attacks on stream ciphers exploit the
(re-)initialisation of large inner states by a weak key schedule

In this paper, we propose a strict separation of keystream generator
and key schedule algorithm in stream cipher design. A formal
definition of inner state size is given, and lower bounds on
the necessary inner state size are proposed. After giving a
construction for a secure stream cipher from an insecure keystream
generator, the limitations of such an approach are discussed. We
introduce the notion of inner state size efficiency and compare
it for a number of fielded stream ciphers, indicating that
a secure cipher can be based on reasonable inner state sizes.
Concluding, we ask a number of open questions that may give rise
to a new field of research that is concerned with the security of
key schedule algorithms.

ePrint: https://eprint.iacr.org/2004/003

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics .