Also known as: stream cipher
A stream cipher encrypts data one bit or byte at a time by combining each unit of plaintext — almost always with XOR — against a pseudo-random keystream generated from a secret key.1 It contrasts with a block cipher, which transforms fixed-size blocks at once.
How it works
A stream cipher’s strength lives entirely in its keystream generator. The key seeds a state machine that emits a long pseudo-random sequence; XORing that sequence with the plaintext gives the ciphertext, and XORing the same sequence with the ciphertext recovers the plaintext, because XOR is its own inverse.
Two rules follow directly:
- Never reuse a keystream. If two messages are encrypted under the same keystream, XORing the two ciphertexts cancels the keystream and leaks the XOR of the two plaintexts. This is why stream ciphers pair the key with a per-message nonce or initialization vector.
- The keystream must look random. A predictable generator lets an attacker reconstruct the sequence without the key. The one-time pad is the idealized limit — a truly random keystream as long as the message — and is provably unbreakable, but practical ciphers use a short key to stretch a long pseudo-random stream.
RC4 is the best-known example; modern designs include ChaCha20.
Relevance to SDR
Stream ciphers are the encryption scheme most often seen on the trunked systems GopherTrunk monitors. DMR “Enhanced Privacy” uses RC4, and P25 voice can be protected with DES-OFB or AES — both run their underlying block cipher in a feedback mode that turns it into a keystream generator, making the on-air result a stream cipher. Without the key the keystream cannot be reproduced, so GopherTrunk can detect and follow an encrypted call but cannot recover the audio — distinct from reversible scrambling, where the sequence is public.
Sources
-
Stream cipher — Wikipedia, for the per-symbol XOR-with-keystream model and the keystream-reuse pitfall. ↩