Quiz Entry - updated: 2026.07.14
What security properties does a stream cipher provide, and what does it NOT provide?
Stream ciphers provide confidentiality only — they do NOT provide integrity or authenticity.
Provides:
- Confidentiality — the plaintext is hidden from eavesdroppers
Does NOT provide:
- Integrity — an attacker can flip bits in the ciphertext, and the corresponding plaintext bits will flip too (bit-flipping attack)
- Authenticity — no way to verify who sent the message
Why no integrity? Because XOR is malleable: if you flip bit i in the ciphertext, bit i in the decrypted plaintext also flips. The recipient has no way to detect this modification.
Practical consequence: Stream ciphers must always be combined with a MAC (Message Authentication Code) or used within an authenticated encryption scheme (like ChaCha20-Poly1305).
Go deeper:
ChaCha20-Poly1305 (Wikipedia) — how a stream cipher is paired with a MAC to regain integrity.