Breaking misused stream ciphers

Encryption algorithms can be classified in a couple of different ways.  A top-level distinction is between symmetric encryption algorithms (which use the same keys for encryption and decryption) and asymmetric cryptography (which uses different but related public and private keys).

Within the symmetric encryption category, another distinction is between block ciphers (which encrypt data in fixed-size chunks) and stream ciphers.  Stream ciphers generate a string of bits (the keystream), which is exclusive-ored (XORed) with the plaintext.  This makes stream ciphers a less secure but more usable variation of the one-time pad.

Stream cipher use and abuse

Stream ciphers, like the one-time pad, are designed to use a distinct encryption key for each plaintext/session or to maintain state between sessions (i.e. not restart the bit stream from the beginning each time).  The reason is that, if the same encryption key is used for multiple sessions and each session starts at the beginning of the stream, every plaintext is XORed with the same string of bits.

If this occurs, the stream cipher is vulnerable to the same potential attack as a one-time pad with key reuse.  XORing two ciphertexts encrypted using the same bit stream results in the XOR of the two plaintexts.  This is because
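The key-reuse behaviour described above, as an added example that is not part of the original article: it encrypts two messages with the same key from the start of the stream, checks that the ciphertext XOR equals the plaintext XOR, and then repeats the check with a distinct nonce per message. The SHA-256 counter keystream is a toy stand-in for a real stream cipher, and the key, nonces and messages are constructed sample values.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream (assumption, not a vetted cipher): SHA-256(key || nonce || counter)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR with the keystream; the same call also decrypts."""
    return xor(data, keystream(key, nonce, len(data)))

def leaks_plaintext_xor(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when the keystream cancelled out and c1 XOR c2 == p1 XOR p2."""
    return xor(c1, c2) == xor(p1, p2)

# Constructed sample values, for illustration only.
KEY = bytes(range(32))
P1 = b"transfer 100 to account A"
P2 = b"meeting moved to 3pm room"

def reuse_check() -> bool:
    """Same key, same starting point: both messages get the same keystream."""
    fixed_nonce = b"\x00" * 12
    c1 = encrypt(KEY, fixed_nonce, P1)
    c2 = encrypt(KEY, fixed_nonce, P2)
    return leaks_plaintext_xor(c1, c2, P1, P2)

def unique_nonce_check() -> bool:
    """Same key, distinct nonce per message: the keystreams differ."""
    c1 = encrypt(KEY, (1).to_bytes(12, "big"), P1)
    c2 = encrypt(KEY, (2).to_bytes(12, "big"), P2)
    return leaks_plaintext_xor(c1, c2, P1, P2)

if __name__ == "__main__":
    print("keystream reused, plaintext XOR exposed:", reuse_check())
    print("unique nonce,     plaintext XOR exposed:", unique_nonce_check())
```

In a real deployment the per-message nonce must never repeat under the same key, which is the "distinct key or maintained state" requirement stated earlier.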

