What is a stream cipher (Stromchiffre) and how does it work?
A stream cipher encrypts plaintext bit by bit (or byte by byte) by XOR-ing it with a pseudorandom keystream generated from a short key.
* A short key seeds a keystream generator; the plaintext is XORed bit-by-bit with the keystream. *
The whole idea is to imitate the unbreakable one-time pad but with a short key: instead of sharing a long random pad, both sides expand a small shared key into a long pseudorandom keystream. That trades the one-time pad's information-theoretic secrecy for practicality — security now rests on the keystream generator being indistinguishable from random.
Encryption: C = M ⊕ S (ciphertext = message XOR keystream)
Decryption: M = C ⊕ S (same operation, since XOR is self-inverse)
How the keystream is generated:
- A short secret key K (e.g., 128 bits) is fed into a keystream generator (pseudorandom generator)
- The generator produces a long stream S of pseudorandom bits
- Both sender and receiver use the same key K to produce the same keystream
Key properties:
- Encrypts one bit/byte at a time (no need to wait for a full block)
- Very fast and efficient in hardware
- Suitable for real-time applications (voice, video streaming)
Critical rule: Never reuse a keystream! If C1 = M1 ⊕ S and C2 = M2 ⊕ S, then C1 ⊕ C2 = M1 ⊕ M2 — the key cancels out and the attacker can recover plaintext.
Go deeper:
Stream cipher (Wikipedia) — keystream generation, synchronous vs self-synchronising designs.