Paper 2004/003

On the Role of the Inner State Size in Stream Ciphers

Erik Zenner


Many modern stream ciphers consist of a keystream generator and a key schedule algorithm. In fielded systems, security of the keystream generator is often based on a large inner state rather than an inherently secure design. Note, however, that little theory on the initialisation of large inner states exists, and many practical designs are based on an ad-hoc approach. As a consequence, an increasing number of attacks on stream ciphers exploit the (re-)initialisation of large inner states by a weak key schedule algorithm. In this paper, we propose a strict separation of keystream generator and key schedule algorithm in stream cipher design. A formal definition of inner state size is given, and lower bounds on the necessary inner state size are proposed. After giving a construction for a secure stream cipher from an insecure keystream generator, the limitations of such an approach are discussed. We introduce the notion of inner state size efficiency and compare it for a number of fielded stream ciphers, indicating that a secure cipher can be based on reasonable inner state sizes. Concluding, we ask a number of open questions that may give rise to a new field of research that is concerned with the security of key schedule algorithms.

Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
stream cipher, keystream generator, inner state
Contact author(s)
zenner @ th informatik uni-mannheim de
2004-01-06: received
Creative Commons Attribution


      author = {Erik Zenner},
      title = {On the Role of the Inner State Size in Stream Ciphers},
      howpublished = {Cryptology ePrint Archive, Paper 2004/003},
      year = {2004},