Skip to content

Stream ciphers

Karel Kubicek edited this page Apr 12, 2018 · 8 revisions

Table containing overview of stream functions included in CryptoStreams. Read more about eStream project on its website. Other functions are documented below finalists.

There were 2 profiles of eSTREAM competition - hardware aimed functions and software aimed functions.

Profile software finalists

Cipher State NumRounds Note Licence Webpage
HC-128 ok no (note 1) Free for any use portfolio
Rabbit ok 0-4 (4) (note 2) Free for any use portfolio
Salsa20 ok 0-20 (20) (note 3) Free for any use portfolio
SOSEMANUK ok 0-25 (25) (note 4) Free for any use portfolio
  • (note 1) HC-128 implementations remained unchanged. The step of HC is specific for given memory address. Note that HC has block size 512 bits (16 * 32 bits).
  • (note 2) Rabbit has no 4 rounds of key and iv setup, which is reduced by us. Therefore, this reduction is more similar to weakening the key (key with bias, or key of zeroes...), than common round reduction.
  • (note 3) Uses double rounds. It decrease the round counter by 2 and during these double rounds are all state variables updated twice. Cannot be trivially splitted. Therefore running Salsa reduced to 1 round is the same, as 2 rounds.
  • (note 4) SOSEMANUK internaly uses SERPENT function reduced to 1 round. The number of rounds of SOSEMANUK is number of iterations of this SERPENT1.

Profile hardware finalists

Cipher State NumRounds Note Licence Webpage
Grain ok 1-13 (13) (note 1) Free for any use portfolio
MICKEY ok 0-8 Free for any use portfolio
Trivium ok 0-9 (9) Free for any use portfolio
F-FCSR ok 1-5 (5) Free for any use phase 3+
  • (note 1) Grain do not use rounds. But we reduced the addition of the state to the keystream. The lower rounds you set, the fewer uint32_t of the state will xored to the state. Setting 0 rounds has the same behaviour as setting 1 round.

Other stream ciphers

Cipher State NumRounds Key size (Bytes) Licence Note
RC4 working not round-reduced 5–256 no implementation, test vectors
Chacha working 0-20 (20) 32 Free for any use Successor of Salsa20, not directly eStream candidate

Complete table of eSTREAM candidates

Please note that maintaining all the candidates is difficult, so we guarantee working state only for the finalists. We did our best to ensure correct implementation and round reductions for them.

Cipher State NumRounds Note Licence Webpage
ABC no-run - passing same streams for output every time, not used ? phase 2
Achterbahn ok n/a ? phase 2
CryptMT no-run - seems to work in Ubuntu, not in win Free for noncommercial use phase 3
DECIM ok 1-8 (8) Partly patented, but freely available phase 3
DICING ok n/a ? phase 2
Dragon ok 0-16 DRAGON_MIXING_STAGES Free for any use phase 3
Edon80 no-run - cannot use 128b IV (only 80b) Free for any use phase 3
F-FCSR ok n/a Free for any use phase 3+
Frogbit no-code - ? phase 1
Fubuki ok 1-32 (4) ? phase 1
Grain ok 1-13 (13) Free for any use portfolio
HC-128 ok - Free for any use portfolio
Hermes ok 1-13 (10) ? phase 2
LEX ok 1-10 (10) rounds up to 14 when altering internal constant, rounds only limit number of output bytes (4 per round), not their strength! Free for any use phase 3
MAG ok n/a ? phase 1
MICKEY no-cycles n/a Free for any use portfolio
Mir-1 ok n/a ? phase 1
Moustique no-compile - Free for any use phase 3
NLS no-compile - Free for any use phase 3
Phelix no-code - ? phase 2
Polar Bear no-compile - ? phase 2
Pomaranch ok n/a Free for noncommercial use phase 3
Py ok n/a ? phase 2
Rabbit ok 1-4 (4) iterations of keystream preparation Free for any use portfolio
Salsa20 ok 1-20 (20/12) Free for any use portfolio
SFINKS ok n/a ? phase 1
SOSEMANUK ok 1-25 (25) Free for any use portfolio
SSS no-code - ? phase 1
TRBDK3 YAEA no-code - ? phase 1
Trivium no-compile (minGW), no-run (MSVS) - Should be working! Free for any use portfolio
TSC-4 ok 1-32 (32) does not generate any output until round 9 phase 2
VEST no-code - ? phase 2
WG ok n/a ? phase 2
Yamb no-compile (minGW), ok (MSVS) n/a used to compile! ? phase 1
Zk-Crypt no-run - ? phase 2

Cipher
Name of the function as submitted to the eStream competition.

State
Working state in EACirc - 'ok'/'no-compile'/'no-run'/'no-code'.

NumRounds
If a function can be reduced in number of rounds, allowed range is stated here. Standard number of rounds is written in parentheses.

Note Any further information, particularly regarding limiting the number of rounds.

Licence
Licence of hash function's code. For more details, see function's webpage.

Webpage
Link to webpage provided by the authors of the function, as submitted to SHA-3 competition.