Stream Ciphers

Stream ciphers are completely broken and will be removed soon. New users must use AEAD ciphers.

This historic document is for educational purposes only.

Stream Encryption/Decryption

Stream_encrypt is a function that takes a secret key, an initialization vector, a message, and produces a ciphertext with the same length as the message.

Stream_encrypt(key, IV, message) => ciphertext

Stream_decrypt is a function that takes a secret key, an initializaiton vector, a ciphertext, and produces the original message.

Stream_decrypt(key, IV, ciphertext) => message

The key can be input directly from user or generated from a password. The key derivation is following EVP_BytesToKey(3) in OpenSSL. The detailed spec can be found here: https://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3)

TCP

A stream cipher encrypted TCP stream starts with a randomly generated initializaiton vector, followed by encrypted payload data.

[IV][encrypted payload]

UDP

A stream cipher encrypted UDP packet has the following structure

[IV][encrypted payload]

Each UDP packet is encrypted/decrypted independently with a randomly generated initialization vector.

Historic stream ciphers

NameKey SizeIV Length
aes-128-ctr1616
aes-192-ctr2416
aes-256-ctr3216
aes-128-cfb1616
aes-192-cfb2416
aes-256-cfb3216
camellia-128-cfb1616
camellia-192-cfb2416
camellia-256-cfb3216
chacha20-ietf3212
bf-cfb168
chacha20328
salsa20328
rc4-md51616