DES as a stream cipher
Folks, As this sounds like a previously solved problem, I wanted to find out about using DES (or any block cipher) as a stream cipher, i.e., in a manner that keeps input and output data length equal. I don't want to use a true stream cipher, as I want to use the same key for multiple messages and stream ciphers tend to place the bulk of their overhead in the re-key. Since stream ciphers have "memory," I would have to "re-key" to the same key for each of my messages. I would rather key something like DES once and run it in CBC mode or use some other form of IV. Help or pointers to help are greatly appreciated. Karl
"Karl A. Siil" writes:
Folks,
As this sounds like a previously solved problem, I wanted to find out about using DES (or any block cipher) as a stream cipher, i.e., in a manner that keeps input and output data length equal.
DES (and other block ciphers) has a couple of modes that let you do this -- CFB mode and OFB mode come to mind. Their security hasn't been that well studied to my knowledge. However...
I don't want to use a true stream cipher, as I want to use the same key for multiple messages and stream ciphers tend to place the bulk of their overhead in the re-key.
????
Since stream ciphers have "memory," I would have to "re-key" to the same key for each of my messages. I would rather key something like DES once and run it in CBC mode or use some other form of IV.
??? You ought to explain your application more clearly; it isn't necessarily the case that a stream cipher is appropriate for you. .pm
On Mon, 22 Apr 1996, Karl A. Siil wrote:
As this sounds like a previously solved problem, I wanted to find out about using DES (or any block cipher) as a stream cipher, i.e., in a manner that keeps input and output data length equal. I don't want to use a true stream cipher, as I want to use the same key for multiple messages and stream ciphers tend to place the bulk of their overhead in the re-key. Since stream ciphers have "memory," I would have to "re-key" to the same key for each of my messages. I would rather key something like DES once and run it in CBC mode or use some other form of IV.
Have a look at cipher feed back mode. I have functions I call cfb64 in my DES library that give a 'single' character interface to cfb mode DES using 64bit feedback. This should be what you want. I also have a triple DES version of cfb64. In my SSL library also has cfb64 mode for IDEA. eric ftp://ftp/pub/Crypto/DES ftp://ftp/pub/Crypto/SSL http://www.psy.uq.oz.au/~ftp/Crypto -- Eric Young | Signature removed since it was generating AARNet: eay@mincom.oz.au | more followups than the message contents :-)
As this sounds like a previously solved problem, I wanted to find out about using DES (or any block cipher) as a stream cipher, i.e., in a manner that keeps input and output data length equal. I don't want to use a true stream cipher, as I want to use the same key for multiple messages and stream ciphers tend to place the bulk of their overhead in the re-key. Since stream ciphers have "memory," I would have to "re-key" to the same key for each of my messages. I would rather key something like DES once and run it in CBC mode or use some other form of IV.
Well, it all depends on what encryption mode you are using. You can always use cfb or ecb or ofb modes to get a stream-like cipher. However you have to beware the security ramifications of using these encryption modes. FYI: PGP uses IDEA in cfb mode (albeit in a strange way). -derek
participants (4)
-
Derek Atkins -
Eric Young -
Karl A. Siil -
Perry E. Metzger