From: Tim Dierks <timd@consensus.com>
Date: Tue, 23 Apr 1996 14:37:01 +0800
To: "Karl A. Siil" <cypherpunks@toad.com
Subject: Re: DES as a stream cipher
Message-ID: <v02140b0aada1b8276f86@[206.170.39.104]>
MIME-Version: 1.0
Content-Type: text/plain


At 2:45 PM 4/22/96, Karl A. Siil wrote:
>Folks,
>
>As this sounds like a previously solved problem, I wanted to find out about
>using DES (or any block cipher) as a stream cipher, i.e., in a manner that
>keeps input and output data length equal. I don't want to use a true stream
>cipher, as I want to use the same key for multiple messages and stream
>ciphers tend to place the bulk of their overhead in the re-key. Since stream
>ciphers have "memory," I would have to "re-key" to the same key for each of
>my messages. I would rather key something like DES once and run it in CBC
>mode or use some other form of IV.
>
>Help or pointers to help are greatly appreciated.

Just generate a stream of octets by running DES (or some other block
cipher) in the following mode:

C_-1 = IV
C_n = E_K(C_n-1)

i.e., start by encrypting the IV with your key, and thereafter generate a
block by encrypting the previous block with your key. Here the IV is
essentially part of the key.

XOR the resulting bits (or octets) with your plaintext to generate an
encrypted stream. Remember within your cipher's state the current output
block and how much of it you've used.

Note that if you reuse a key, you'll enable attacks that rely on the fact
that similar messages will produce similar ciphertext.

 - Tim Dierks

Tim Dierks  --  timd@consensus.com  --  www.consensus.com
Head of Thing-u-ma-jig Engineering, Consensus Development