What is a Stream Cipher?

A stream cipher is a type of algorithm used in data encryption where the source that needs to be encrypted is processed against a key sequence that appears random. This type of cipher is somewhat flexible in the sense that it may vary the encryption as the text is being processed. They are also sometimes referred to as a state cipher because encryption also depends on the current state of the operation. In contrast to block ciphers, which work on chunks of data 64 bits at a time, a stream cipher can operate on a single bit. For this reason, a stream can be processed at high speeds with very little processing power.

The first stream cipher was devised by Gilbert Vernam in 1917. Vernam later also helped create a cipher known as the one-time pad, which is a form of stream cipher that uses a one-time key to encrypt the data. In a one-time pad, the key generated is the same length as the data that needs to be encrypted, is completely random, and is never used again anywhere else, hence the name.

When processed against the data to be encrypted, typically referred to as plaintext, the resultant ciphertext is impossible to decrypt without the key. The one-time pad is difficult to deal with in most scenarios, and is, therefore, only used for very exclusive situations. Still, a stream cipher is usually considered useful, so the keys were shortened and made pseudorandom, meaning they are statistically random but in reality are not.

Stream cipher has the ability to encrypt on the fly. In this way, it is even easy for simple stream ciphers to be performed by people on pen and paper, whereas a block cipher typically requires the use of a computer to process. The plaintext flows through the encryption process along with the keystream, the pseudorandom sequence that makes up the key, where it is converted and comes out the other end as ciphertext.

Usually, this encryption happens via an exclusive-or (XOR) operation on the individual bits as they pass through the cipher. A simple XOR cipher uses a type of logical disjunction as its basis, which essentially says that the result can be true if either operand is true, but not both. For example, if a bit moving through the encryption process is a zero or a one, and the paired keystream bit doesn't match, the resultant output is a one. If the bit and paired keystream bit do match, where both are a one, or both are a zero, the result is a zero. The encrypted stream of ones and zeros are then decrypted on the other end of the transmission using the same keystream to convert the bits back into their original plaintext.

There are two types of stream cipher. Using a synchronous method, the keystream is created separate from the plaintext or the ciphertext and then merged to provide the encryption or decryption. With this method, both the sending and receiving ends of the transmission must remain synchronized where they are operating on the same key and the same position in the key. Should a problem occur, the decryption either needs to start over, or there may be flags placed intermittently throughout the ciphertext that indicate new starting points. A self-synchronizing cipher, on the other hand, will update the keystream based on some number of previous digits in the ciphertext.

One of the most frequently used stream cipher, called RC4, was created by RSA Data Security®. It is licensed for and used in a number of software products, as well as the secure socket layer (SSL) protocol used in secure Internet communications and the wired equivalent privacy (WEP) encryption used with wireless devices. Another often used cipher is known as ORYX, which has found use in cellular telephone data transmissions that need to be encrypted. IBM® has also developed an stream encryption method known as SEAL, which has found use in hard disk encryption.