The one-time pad provides a strong form of secrecy, but since key transmission is difficult, it is desirable to devise substitutes that are easier to use. Stream ciphers are one way of achieving this goal. As in the one-time pad, the plaintext is written as a string of bits. Then a binary keystream is generated and XORed with the plaintext to produce the ciphertext.

Figure 5.1 Stream cipher encryption

For the system to be secure, the keystream needs to approximate a random sequence, so we need a good source of random-looking bits. In Section 5.1, we discuss pseudorandom number generators. In Sections 5.2 and 5.3, we describe two commonly used stream ciphers and the pseudorandom number generators that they use. Although they have security weaknesses, they give an idea of methods that can be used.

In the next chapter, we discuss block ciphers and various modes of operations. Some of the most secure stream ciphers are actually good block ciphers used, for example, in OFB or CTR mode. See Subsections 6.3.4 and 6.3.5.

There is one problem that is common to all stream ciphers that are obtained by XORing pseudorandom numbers with plaintext and is one of the reasons that authentication and message integrity checks are added to protect communications. Suppose Eve knows where the word “good” occurs in a plaintext that has been encrypted with a stream cipher. If she intercepts the ciphertext, she can XOR the bits for $\text{good }\oplus \text{ evil}$ at the appropriate place in the ciphertext before continuing the transmission of the ciphertext. When the ciphertext is decrypted, “good” will be changed to “evil.” This type of attack was one of the weaknesses of the WEP system, which is discussed in Section 14.3.