Invitation to Cybersecurity

Figure 7.5 A keystream generator takes a short key as input and produces a long stream of pseudo-random bits as output.

The keystream algorithm is deterministic. Deterministic means that the same input produces the same output every time. When the same key is used with the same keystream generator, the first n bits of the keystream are always the exact same string—there is no source of randomness. Therefore, keystreams do not adhere to the one-time pad requirement of being random. Because stream ciphers trade the provable security of one-time pads for deterministic keystreams, they are sometimes known as pseudo one-time pads.

While not technically random, the keystream must have the same properties as a random binary string. This means any given bit has an equal chance of being a 1 or a 0, and for long strings of bits, half will be 1s and half will be 0s. The keystream must also be long since it is consumed quickly, so the algorithm needs to output a practically endless stream of bits. Because the keystream algorithm is a closed system, it is finite, and this means it must eventually repeat. Therefore, another property of a keystream algorithm is that it needs to have a really long cycle. Otherwise, it could be used in depth, violating a core principle of one-time pads.

Another way that a keystream could be used in depth is to encrypt multiple messages with the same key starting in the same place in the keystream. These messages would reuse the same portion of the keystream. To prevent this from occurring, stream ciphers should use a nonce in addition to a key. A nonce is a randomly generated string of bits also known as a “number used once.” The nonce is mixed with the key in a programmatic way, and this generates a new key to input into the keystream generator. Since the key is new, the result is a new, never-before-seen keystream.
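The following added example (not from the book) shows why reusing the same keystream position is dangerous and how mixing a nonce into the key removes the problem. The toy keystream generator (SHA-256 over key and counter), the HMAC-based mixing step, and the sample key and messages are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

def keystream(key: bytes, n: int) -> bytes:
    """Toy generator (assumption): SHA-256 over key || counter, cut to n bytes."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def mix(key: bytes, nonce: bytes) -> bytes:
    """Assumed mixing step: HMAC-SHA256(key, nonce) becomes the per-message key."""
    return hmac.new(key, nonce, hashlib.sha256).digest()

def encrypt(key: bytes, plaintext: bytes):
    nonce = secrets.token_bytes(16)  # fresh for every message, sent in the clear
    return nonce, xor(plaintext, keystream(mix(key, nonce), len(plaintext)))

def decrypt(key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # The receiver rebuilds the same keystream from the shared key and the nonce.
    return xor(ciphertext, keystream(mix(key, nonce), len(ciphertext)))

# Constructed sample data.
KEY = b"constructed-demo-key"
P1 = b"transfer 100 to alice"
P2 = b"transfer 900 to bobby"

def reuse_without_nonce() -> bytes:
    """Both messages start at keystream position 0, so c1 XOR c2 cancels the keystream."""
    c1 = xor(P1, keystream(KEY, len(P1)))
    c2 = xor(P2, keystream(KEY, len(P2)))
    return xor(c1, c2)

def reuse_with_nonce() -> bytes:
    """Same key, but each message gets its own nonce and therefore its own keystream."""
    (n1, c1), (n2, c2) = encrypt(KEY, P1), encrypt(KEY, P2)
    assert decrypt(KEY, n1, c1) == P1 and decrypt(KEY, n2, c2) == P2
    return xor(c1, c2)

if __name__ == "__main__":
    print("no nonce: c1^c2 == p1^p2 ->", reuse_without_nonce() == xor(P1, P2))
    print("nonce:    c1^c2 == p1^p2 ->", reuse_with_nonce() == xor(P1, P2))
```

Without a nonce, the XOR of the two ciphertexts equals the XOR of the two plaintexts, so the key never needs to be recovered for information to leak. Standardized stream ciphers such as ChaCha20 take the nonce as a separate input rather than using this toy construction.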
When using nonces with stream ciphers, every message is encrypted with a unique “one-time pad,” and there is no danger of using it in depth. In order to produce the same keystream to decrypt the message, the receiver needs to know the nonce. Conveniently, the nonce does not need to be kept secret! It can be sent in plaintext along with the message. Knowing the nonce does not help the adversary because the nonce must be mixed with the key in order to produce the keystream. Since
