
I fail to understand what block ciphers can do that stream ciphers cannot. Also, aren't they constructible from one another? PRG (stream cipher) -> PRF -> PRP (block cipher). Any practical example would be very helpful.

xzijoq
  • Reusing gamma (or the key, which gamma is derived from) in stream ciphers leads to their insecurity. That's why you cannot reuse a key-nonce pair for some block cipher modes of operation that turn block ciphers into stream ones. In contrast, block ciphers (with proper use of modes of operation) are CPA-secure (the key can be used several times) – Georgy Firsov Jul 24 '22 at 18:37
  • I'm not sure that it is that practical to go from PRG-> PRF. There is an answer on how to do that here. On the other hand, you can create a hash, MAC (PRF) or stream cipher (PRG) and even an authenticated mode (OCB) rather easily from a block cipher (or, of course, from a sponge construction :) ) Beware that any logical reasoning here may not answer your actual question: why. Block ciphers are old constructs, they were created because somebody designed them I suppose. – Maarten Bodewes Jul 24 '22 at 19:04
  • It's an interesting question. I can see that one of the tags is "chacha" and the existence of ChaCha20+Poly1305 is a reason that we do not need PRP block ciphers to achieve most of our desired security properties. – Habib Jul 25 '22 at 10:10
  • Can we confidently say that ChaCha itself doesn't have block cipher properties though? – Maarten Bodewes Jul 26 '22 at 00:16
  • @Habib Sosemanuk and other eSTREAM ciphers, I think, are also similar to Salsa (ChaCha) in that respect, and I don't know, but maybe there are more of them. – xzijoq Jul 26 '22 at 07:11
  • @Maarten AES was adopted in 2001 and Salsa was also pre-2004; looking at the Wikipedia page they seem to be of roughly the same age. It may not be efficient for all PRG->PRF constructions but for many it is; the same can be said for all PRP-PRG constructions in efficiency. Also, ciphers like Salsa (ChaCha) are made directly from a PRF (again from the wiki page)... ChaCha does share properties of a block cipher and even Sosemanuk was inspired by a block cipher, but still they are classified as stream ciphers – xzijoq Jul 26 '22 at 07:32
  • @GeorgyFirsov I don't know what you mean by gamma, do you mean nonce? But clearly ChaCha is considered a substitute for AES; with a MAC (Poly1305 or (BLAKE)) etc. it can be made even CCA-secure, I guess (I am kind of new to this stuff), with better performance on non-hardware support – xzijoq Jul 26 '22 at 07:47
  • @xzijoq gamma in stream ciphers is a pseudorandom sequence that is combined with the plaintext to produce ciphertext. It is generated from a key using a PRNG. Consider the following stream cipher: $c = \gamma \oplus m$, where $m$ is a plaintext unit (bit, or byte, or something else), $c$ is the corresponding ciphertext unit and $\gamma$ is a pseudorandom sequence (gamma). When turning a block cipher into a stream one (CTR, OFB, CFB, etc. modes), gamma is generated from the key and nonce using a block cipher – Georgy Firsov Jul 26 '22 at 15:05
  • @MaartenBodewes Interestingly, I recently asked one of my friends this very question and she told me maybe the reason is that designing and analysing the security of block ciphers is easier than stream ciphers. And ChaCha20 is an example of stream ciphers which try to mimic block ciphers without losing the performance that a stream cipher has. (Probably analysing block ciphers is easier because we have developed more tools and methods for them) – Habib Jul 27 '22 at 16:22
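
The gamma reuse point from the comments above, as an added example that is not part of the original thread: a CTR-style keystream is built from a PRF and two messages are encrypted under the same and under different nonces. HMAC-SHA256 standing in for the PRF or block cipher is an assumption of this sketch, and the key, nonces and messages are constructed sample values.

```python
import hashlib
import hmac


def gamma(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream (gamma): PRF(key, nonce || counter) blocks, CTR style.

    HMAC-SHA256 is an assumed stand-in for the PRF / block cipher.
    """
    out = b""
    counter = 0
    while len(out) < length:
        block_input = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block_input, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, message: bytes) -> bytes:
    """c = gamma XOR m; applying it again with the same inputs decrypts."""
    return xor(gamma(key, nonce, len(message)), message)


def gamma_cancels(key: bytes, nonce1: bytes, nonce2: bytes,
                  m1: bytes, m2: bytes) -> bool:
    """True when c1 XOR c2 == m1 XOR m2, i.e. the gamma dropped out
    and the ciphertexts alone reveal the XOR of the plaintexts."""
    c1 = encrypt(key, nonce1, m1)
    c2 = encrypt(key, nonce2, m2)
    return xor(c1, c2) == xor(m1, m2)


# Constructed sample values (equal-length messages for a clean comparison).
KEY = bytes(range(32))
M1 = b"invoice 0001: 100 EUR"
M2 = b"invoice 0002: 999 EUR"

if __name__ == "__main__":
    # Same key and nonce: identical gamma, so it cancels out.
    print("reused nonce:", gamma_cancels(KEY, b"nonce-01", b"nonce-01", M1, M2))
    # Fresh nonce per message: different gamma, nothing cancels.
    print("fresh nonce: ", gamma_cancels(KEY, b"nonce-01", b"nonce-02", M1, M2))
```
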

0 Answers