Skip to content

Stream ciphers list

rozsa117 edited this page May 6, 2018 · 15 revisions

A table containing an overview of stream functions included in CryptoStreams. Read more about eStream project on its website. Other functions are documented below finalists.

There were two profiles of eSTREAM competition - hardware aimed functions and software aimed functions.

Profile software finalists

Cipher Default rounds Detailed rounds Note References
HC-128 no no (note 1) portfolio
Rabbit 4 0-4(4) (note 2) portfolio
Salsa20 20 0-20(20) (note 3) portfolio
SOSEMANUK 25 0-25 (25) (note 4) portfolio
  • (note 1) HC-128 implementations remained unchanged. The step of HC is specific for given memory address. Note that HC has block size 512 bits (16 * 32 bits).
  • (note 2) Rabbit has 4 rounds of key and iv setup, which is reduced by us. Therefore, this reduction is more similar to weakening the key (the key with bias, or key of zeroes...), than common round reduction.
  • (note 3) Uses double rounds. It decreases the round counter by 2 and during these double rounds are all state variables updated twice. Cannot be trivially split. Therefore running Salsa reduced to 1 round is the same, as 2 rounds.
  • (note 4) SOSEMANUK internally uses SERPENT function reduced to 1 round. The number of rounds of SOSEMANUK is the number of iterations of this SERPENT1.

Profile hardware finalists

Cipher Default rounds Detailed rounds Note References
Grain 13 1-13 (13) (note 1) portfolio
MICKEY 8 0-8 portfolio
Trivium 9 0-9 (9) portfolio
F-FCSR 5 1-5 (5) phase 3+
  • (note 1) Grain do not use rounds. But we reduced the addition of the state to the keystream. The lower rounds you set, the fewer uint32_t of the state will xored to the state. Setting 0 rounds has the same behavior as setting 1 round.

Other stream ciphers

Cipher Default rounds Detailed rounds Key size (Bytes) Note
RC4 - not round-reduced 5–256 implementation, test vectors
Chacha 20 0-20 (20) 32 Successor of Salsa20, not directly eStream candidate

Complete table of eSTREAM candidates

Please note that maintaining all the candidates is difficult, so we guarantee working state only for the finalists. We did our best to ensure correct implementation and round reductions for them.

Cipher Default rounds Detailed rounds Note References
ABC - - passing same streams for output every time, not used, no-run phase 2
Achterbahn n/a n/a phase 2
CryptMT - - seems to work in Ubuntu, not in win, no-run phase 3
DECIM 8 1-8 (8) phase 3
DICING n/a n/a phase 2
Dragon 16 0-16 DRAGON_MIXING_STAGES phase 3
Edon80 - - cannot use 128b IV (only 80b), no-run phase 3
F-FCSR n/a n/a phase 3+
Frogbit - - no-run phase 1
Fubuki 4 1-32 (4) phase 1
Grain 13 1-13 (13) portfolio
HC-128 - -
Hermes 10 1-13 (10) phase 2
LEX 10 1-10 (10) rounds up to 14 when altering internal constant, rounds only limit number of output bytes (4 per round), not their strength! phase 3
MAG n/a n/a phase 1
MICKEY n/a n/a no-cycles portfolio
Mir-1 n/a n/a phase 1
Moustique - - no-compile phase 3
NLS - - no-compile phase 3
Phelix - - no-code phase 2
Polar Bear - - no-compile phase 2
Pomaranch n/a n/a phase 3
Py n/a n/a phase 2
Rabbit 4 1-4 (4) iterations of keystream preparation portfolio
Salsa20 20 1-20 (20/12) portfolio
SFINKS n/a n/a phase 1
SOSEMANUK 25 1-25 (25) portfolio
SSS - - no-code phase 1
TRBDK3 YAEA - - no-code phase 1
Trivium - Should be working!, no-compile (minGW), no-run (MSVS) portfolio
TSC-4 32 1-32 (32) does not generate any output until round 9 phase 2
VEST - - no-code phase 2
WG n/a n/a phase 2
Yamb n/a used to compile!, no-compile (minGW), ok (MSVS) phase 1
Zk-Crypt - - no-run phase 2

Cipher
Name of the function as submitted to the eStream competition.

State
Working state in EACirc - 'ok'/'no-compile'/'no-run'/'no-code'.

NumRounds
If a function can be reduced in the number of rounds, allowed range is stated here. The standard number of rounds is written in parentheses.

Note Any further information, particularly regarding limiting the number of rounds.

License
The license of hash function's code. For more details, see function's webpage.

Webpage
Link to the webpage provided by the authors of the function, as submitted to the SHA-3 competition.