Vulnerabilities of Stream Ciphers
Stream ciphers might suffer from several vulnerabilities (weaknesses):
- Key Reuse. In many real-world circumstances, keys have been reused for encrypting messages. This is especially true when the length of a key is small (so the set of all possible keys is small), which makes key reuse more likely.
The consequence of key reuse is that if a hacker cracks one of the messages, they will know the contents of all the other messages encrypted with the same key, without even needing to know the key itself. This is true because:
c1 ⊕ c2 = (p1 ⊕ key) ⊕ (p2 ⊕ key)
  = p1 ⊕ p2 ⊕ (key ⊕ key)
  = p1 ⊕ p2
since the key, when XORed with itself, becomes a string of 0s and so cancels out. Now we have
c1 ⊕ c2 = p1 ⊕ p2, so p2 = (c1 ⊕ c2) ⊕ p1, showing that anyone who knows the first plaintext message and both ciphertexts will know the second plaintext message!
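The identity above can be checked in code. The following Python sketch is an added example, not part of the original page; the sample messages and all function names are constructed for illustration. It shows that p2 falls out of c1, c2 and p1 when the key is reused, and that the same computation yields nothing useful when each message gets its own key.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Stream-cipher style encryption: c = p XOR key (key at least as long as p)."""
    if len(key) < len(plaintext):
        raise ValueError("key stream shorter than plaintext")
    return xor_bytes(plaintext, key)

def recover_second_plaintext(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """p2 = (c1 XOR c2) XOR p1. The key never appears in this computation.
    Only as many bytes of p2 come out as bytes of p1 are known."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)

# Constructed sample messages (both 33 bytes long).
P1 = b"Invoice 1041: pay 250 EUR to ACME"
P2 = b"Meeting moved to 15:30, room B204"

def demo_reused_key(known_p1: bytes = P1) -> bytes:
    """Both messages encrypted under ONE random key: the key cancels out."""
    key = secrets.token_bytes(max(len(P1), len(P2)))
    c1, c2 = encrypt(P1, key), encrypt(P2, key)
    return recover_second_plaintext(c1, c2, known_p1)

def demo_fresh_keys() -> bytes:
    """Each message encrypted under its OWN random key: nothing cancels,
    so the result is p2 XOR key1 XOR key2, which is random-looking bytes."""
    key1 = secrets.token_bytes(len(P1))
    key2 = secrets.token_bytes(len(P2))
    c1, c2 = encrypt(P1, key1), encrypt(P2, key2)
    return recover_second_plaintext(c1, c2, P1)

if __name__ == "__main__":
    print("reused key, full p1 known :", demo_reused_key())
    print("reused key, 7 bytes known :", demo_reused_key(P1[:7]))
    print("fresh keys                :", demo_fresh_keys().hex())
```

Knowing only a prefix of p1 still reveals the matching prefix of p2, which is why predictable message headers make key reuse dangerous even when no full plaintext is known.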