Glossary

Stream cipher

keystream cipherstream encryption algorithm

A stream cipher encrypts data by combining plaintext with a pseudorandom keystream generated from a secret key and nonce.

Definition

A stream cipher generates a pseudorandom keystream from a secret key and usually a nonce, then combines it with plaintext—commonly using XOR—to produce ciphertext. Decryption combines the same keystream with the ciphertext. ChaCha20 is a modern example.

Keystream reuse

The same keystream must never encrypt two different messages. Reusing a key and nonce can expose the XOR of the plaintexts and allow both messages to be recovered. Protocols therefore assign a unique nonce to every encryption under a key.

Integrity

A basic stream cipher provides confidentiality but does not detect modification: changing a ciphertext bit predictably changes the plaintext. Modern systems use an authenticated construction such as ChaCha20-Poly1305 and verify its tag before releasing data.

Frequently asked questions

No. A native stream cipher generates keystream, while a block cipher permutes fixed-size blocks. Some block-cipher modes behave like stream ciphers.

Usually yes. It must be unique for the key; secrecy is normally not required.

It repeats the keystream, canceling it when ciphertexts are compared and exposing a direct relationship between the plaintexts.

See also