The eStream project has given us a number of insights into design criteria for stream ciphers. Some of them were disputed, on others everyone seemed to agree. In this paper, the author describes what he has learned and what he considers as possible consequences for stream cipher design. The paper does not contain any groundbreaking new results; it is merely meant as a collection of ideas and an...

This document contains test vectors for the stream cipher RC4.

RC4 cipher is the most widely used stream cipher in software applications. It was designed by R. Rivest in 1987. In this paper we find the number of keys of the RC4 cipher generating initial permutations with the same cycle structure. We obtain that the distribution of initial permutations is not uniform.

A new family of very fast stream ciphers called COS (for “crossing over system”) has been proposed by Filiol and Fontaine, and seems to have been adopted for at least one commercial standard. In this note we show that the COS ciphers are very weak indeed — it requires negligible effort to reconstruct the state of the keystream generator from a very small amount of known keystream.

Well-designed initialisation and keystream generation processes for stream ciphers should ensure that each key-IV pair generates a distinct keystream. In this paper, we analyse some ciphers where this does not happen due to state convergence occurring either during initialisation, keystream generation or both. We show how state convergence occurs in each case and identify two mechanisms which c...

A new version of the stream cipher Grain-128 is proposed. The new version, Grain-128a, is strengthened against all known attacks and observations on the original Grain-128, and has built-in support for authentication. The changes are modest, keeping the basic structure of Grain-128. This gives a high confidence in Grain-128a and allows for easy updating of existing implementations.

We present a design approach for hardware-oriented selfsynchronizing stream ciphers and illustrate it with a concrete design called Moustique. The latter is intended as a research cipher: it proves that the design approach can lead to concrete results and will serve as a target for cryptanalysis where new attacks may lead to improvements in the design approach such as new criteria for the ciphe...

In 2000, the stream cipher SNOW was proposed. A few attacks followed, indicating certain weaknesses in the design. In this paper we propose a new version of SNOW, called SNOW 2.0. The new version of the cipher does not only appear to be more secure, but its implementation is also a bit faster in software.