When to use Stream Ciphers?


uberwaldo
Member
Registered: 04.12.13 12:49
Timezone: UTC +0
Posts: 5

I understand the performance issue that block ciphers suffer due to the many rounds that they must have, but it is known that stream ciphers cannot use the same key more than once.

I've read about Salsa20 and all stream ciphers from the same family, and understand that they tried to cover that issue by making use of a nonce, but still, I don't understand why not use AES since it haven't been broken yet and doesn't have such an issue. How does this nonce thing works?

My question basically is, when should I use a stream cipher? Should it be used only when I have performance issues?


uberwaldo
Member
Registered: 04.12.13 12:49
Timezone: UTC +0
Posts: 5

I understand the performance issue that block ciphers suffer due to the many rounds that they must have, but it is known that stream ciphers cannot use the same key more than once.

I've read about Salsa20 and all stream ciphers from the same family, and understand that they tried to cover that issue by making use of a nonce, but still, I don't understand why not use AES since it haven't been broken yet and doesn't have such an issue. How does this nonce thing works?

My question basically is, when should I use a stream cipher? Should it be used only when I have performance issues?


chess_rock
Member
Registered: 19.11.11 22:52
Timezone: UTC +0
Posts: 16

I agree with you in most of what you said about stream ciphers, but as you said, they have performance advantages compared to block ciphers, which in some extreme cases is fundamental. Not only that, stream ciphers use less memory as they encrypt bytes individually and do not need to store blocks for each round.

Salsa20 today is one of the most respected ciphers. It is probably the most respected stream cipher. It is currently the stream cipher being studied the most, having already extended versions of it like the following paper shows:

http://cr.yp.to/snuffle/xsalsa-20110204.pdf

Block ciphers work with each block individually, and due to that, are more susceptible to noise. This can be fixed by using integrity protection in exchange for performance, which stream ciphers do not provide.

nonces provide pseudorandom bits such that it is possible to make use of the same key more than once. This is good as a signature and can be used to certify that the same request is not made more than once on the internet, for example. But if you are going to use a nonce stream cipher, you have to make sure your pseudo-random generator is of great quality and randomness.

I hope this reply helps you to understand the applicability of stream ciphers. Cryptographical nonces are great and give stream ciphers an enormous flexibility. I reccomend reading this article:

http://www.cs.ucdavis.edu/~rogaway/papers/nonce.pdf


chess_rock
Member
Registered: 19.11.11 22:52
Timezone: UTC +0
Posts: 16

I agree with you in most of what you said about stream ciphers, but as you said, they have performance advantages compared to block ciphers, which in some extreme cases is fundamental. Not only that, stream ciphers use less memory as they encrypt bytes individually and do not need to store blocks for each round.

Salsa20 today is one of the most respected ciphers. It is probably the most respected stream cipher. It is currently the stream cipher being studied the most, having already extended versions of it like the following paper shows:

http://cr.yp.to/snuffle/xsalsa-20110204.pdf

Block ciphers work with each block individually, and due to that, are more susceptible to noise. This can be fixed by using integrity protection in exchange for performance, which stream ciphers do not provide.

nonces provide pseudorandom bits such that it is possible to make use of the same key more than once. This is good as a signature and can be used to certify that the same request is not made more than once on the internet, for example. But if you are going to use a nonce stream cipher, you have to make sure your pseudo-random generator is of great quality and randomness.

I hope this reply helps you to understand the applicability of stream ciphers. Cryptographical nonces are great and give stream ciphers an enormous flexibility. I reccomend reading this article:

http://www.cs.ucdavis.edu/~rogaway/papers/nonce.pdf


uberwaldo
Member
Registered: 04.12.13 12:49
Timezone: UTC +0
Posts: 5

Yes, that helps a lot. I guess I have to study a bit more about stream ciphers to understand every advantage that they may have.

chess_rock wrote:
But if you are going to use a nonce stream cipher, you have to make sure your pseudo-random generator is of great quality and randomness.

Is there such an algorithm that is considered the best pseudo-random number generator?


uberwaldo
Member
Registered: 04.12.13 12:49
Timezone: UTC +0
Posts: 5

Yes, that helps a lot. I guess I have to study a bit more about stream ciphers to understand every advantage that they may have.

chess_rock wrote:
But if you are going to use a nonce stream cipher, you have to make sure your pseudo-random generator is of great quality and randomness.

Is there such an algorithm that is considered the best pseudo-random number generator?


chess_rock
Member
Registered: 19.11.11 22:52
Timezone: UTC +0
Posts: 16

I don't know of any PRNG that is considered the 'best'. It is an open area in computing and they always want better algorithms. Hashes tend to be very good at randomness, but there are sets of numbers in basically every PRNG that are not as random as they should be.

There is a website that reads atmospheric noise and inputs the value as a random number. From all random algorithms I've heard, atmospheric noise is the most original and effective:

http://www.random.org/integers/

If you hear of any good PRNG, just tell me, I'm curious.


chess_rock
Member
Registered: 19.11.11 22:52
Timezone: UTC +0
Posts: 16

I don't know of any PRNG that is considered the 'best'. It is an open area in computing and they always want better algorithms. Hashes tend to be very good at randomness, but there are sets of numbers in basically every PRNG that are not as random as they should be.

There is a website that reads atmospheric noise and inputs the value as a random number. From all random algorithms I've heard, atmospheric noise is the most original and effective:

http://www.random.org/integers/

If you hear of any good PRNG, just tell me, I'm curious.


uberwaldo
Member
Registered: 04.12.13 12:49
Timezone: UTC +0
Posts: 5

Thanks chess_rock. If I find any good algorithm, i'll definitely tell you.


uberwaldo
Member
Registered: 04.12.13 12:49
Timezone: UTC +0
Posts: 5

Thanks chess_rock. If I find any good algorithm, i'll definitely tell you.