Stream ciphers list
A table containing an overview of stream functions included in CryptoStreams. Read more about eStream project on its website. Other functions are documented below finalists.
There were two profiles of eSTREAM competition - hardware aimed functions and software aimed functions.
| Cipher | Default rounds | Detailed rounds | Note | References |
|---|---|---|---|---|
HC-128 |
1 | - (note 1) | portfolio | |
Rabbit |
4 | 0-4(4) (note 2) | portfolio | |
Salsa20 |
20 | 0-20(20) (note 3) | portfolio | |
SOSEMANUK |
25 | 0-25 (25) (note 4) | portfolio |
- (note 1) HC-128 implementations remained unchanged. The
stepof HC is specific for given memory address. Note that HC has block size 512 bits (16 * 32 bits). - (note 2) Rabbit has 4 rounds of key and iv setup, which is reduced by us. Therefore, this reduction is more similar to weakening the key (the key with bias, or key of zeroes...), than common round reduction.
- (note 3) Uses double rounds. It decreases the round counter by 2 and during these double rounds are all state variables updated twice. Cannot be trivially split. Therefore running Salsa reduced to 1 round is the same, as 2 rounds.
- (note 4)
SOSEMANUKinternally usesSERPENTfunction reduced to 1 round. The number of rounds ofSOSEMANUKis the number of iterations of this SERPENT1.
| Cipher | Default rounds | Detailed rounds | Note | References |
|---|---|---|---|---|
Grain |
13 | 1-13 (13) (note 1) | portfolio | |
MICKEY |
1 | 1 | portfolio | |
Trivium |
9 | 0-9 (9) (note 2) | portfolio | |
F-FCSR |
5 | 1-5 (5) (note 1) | phase 3+ |
- (note 1) Grain and F-FCSR do not use rounds. But we reduced the addition of the state to the keystream. The lower rounds you set, the fewer bytes of the state will
xoredto the keystream. Setting 0 rounds has the same behavior as setting 1 round. - (note 2) Trivium has similarly as Rabbit 9 rounds of key and iv setup, which is reduced by us. Therefore, this reduction is more similar to weakening the key (the key with bias, or key of zeroes...), than common round reduction.
| Cipher | Default rounds | Detailed rounds | Key size (Bytes) | Note |
|---|---|---|---|---|
RC4 |
1 | not round-reduced | 5–256 | implementation, test vectors |
Chacha |
20 | 0-20 (20) | 32 | Successor of Salsa20, not directly eStream candidate |
Please note that maintaining all the candidates is difficult, so we guarantee working state only for the finalists. We did our best to ensure correct implementation and round reductions for them.
| Cipher | Default rounds | Detailed rounds | Note | References |
|---|---|---|---|---|
ABC |
- | - | passing same streams for output every time, not used, no-run | phase 2 |
Achterbahn |
n/a | n/a | phase 2 | |
CryptMT |
- | - | seems to work in Ubuntu, not in win, no-run | phase 3 |
DECIM |
8 | 1-8 (8) | phase 3 | |
DICING |
n/a | n/a | phase 2 | |
Dragon |
16 | 0-16 DRAGON_MIXING_STAGES
|
phase 3 | |
Edon80 |
- | - | cannot use 128b IV (only 80b), no-run | phase 3 |
Frogbit |
- | - | no-code | phase 1 |
Fubuki |
4 | 1-32 (4) | phase 1 | |
Hermes |
10 | 1-13 (10) | phase 2 | |
LEX |
10 | 1-10 (10) | rounds up to 14 when altering internal constant, rounds only limit number of output bytes (4 per round), not their strength! | phase 3 |
MAG |
n/a | n/a | phase 1 | |
Mir-1 |
n/a | n/a | phase 1 | |
Moustique |
- | - | no-compile | phase 3 |
NLS |
- | - | no-compile | phase 3 |
Phelix |
- | - | no-code | phase 2 |
Polar Bear |
- | - | no-compile | phase 2 |
Pomaranch |
n/a | n/a | phase 3 | |
Py |
n/a | n/a | phase 2 | |
SFINKS |
n/a | n/a | phase 1 | |
SSS |
- | - | no-code | phase 1 |
TRBDK3 YAEA |
- | - | no-code | phase 1 |
TSC-4 |
32 | 1-32 (32) | does not generate any output until round 9 | phase 2 |
VEST |
- | - | no-code | phase 2 |
WG |
n/a | n/a | phase 2 | |
Yamb |
n/a | used to compile!, no-compile (minGW), ok (MSVS) | phase 1 | |
Zk-Crypt |
- | - | no-run | phase 2 |
Cipher
Name of the function as submitted to the eStream competition.
State
Working state in EACirc - 'ok'/'no-compile'/'no-run'/'no-code'.
NumRounds
If a function can be reduced in the number of rounds, allowed range is stated here. The standard number of rounds is written in parentheses.
Note Any further information, particularly regarding limiting the number of rounds.
License
The license of hash function's code. For more details, see function's webpage.
Webpage
Link to the webpage provided by the authors of the function, as submitted to the SHA-3 competition.
Getting started
Building notes
Running notes
Recommended scenarios
Configuration file structure
Developer notes
Framework components
Submodules
Third party libraries
Coding guide
Testing
Known bugs
User notes
List of streams
Block ciphers
Stream ciphers
Hash functions
PRNGs
WIP CAESAR
Useful links