- This page was last modified on 15 April 2025, at 02:15. Suggest an edit.
eSTREAM facts for kids
eSTREAM is a project to "identify new stream ciphers suitable for widespread adoption", organised by the EU ECRYPT network. It was set up as a result of the failure of all six stream ciphers submitted to the NESSIE project. The call for primitives was first issued in November 2004. The project was completed in April 2008. The project was divided into separate phases and the project goal was to find algorithms suitable for different application profiles.
Contents
Profiles
The submissions to eSTREAM fall into either or both of two profiles:
- Profile 1: "Stream ciphers for software applications with high throughput requirements"
- Profile 2: "Stream ciphers for hardware applications with restricted resources such as limited storage, gate count, or power consumption."
Both profiles contain an "A" subcategory (1A and 2A) with ciphers that also provide authentication in addition to encryption. In Phase 3 none of the ciphers providing authentication are being considered (The NLS cipher had authentication removed from it to improve its performance).
eSTREAM portfolio
As of September 2011[update] the following ciphers make up the eSTREAM portfolio:
| Profile 1 (software) | Profile 2 (hardware) |
|---|---|
| HC-128 [1] | Grain [2] |
| Rabbit [3] | MICKEY [4] |
| Salsa20/12 [5] | Trivium [6] |
| SOSEMANUK [7] |
These are all free for any use. Rabbit was the only one that had a patent pending during the eStream competition, but it was released into the public domain in October 2008.
The original portfolio, published at the end of Phase 3, consisted of the above ciphers plus F-FCSR which was in Profile 2. However, cryptanalysis of F-FCSR led to a revision of the portfolio in September 2008 which removed that cipher.
Phases
Phase 1
Phase 1 included a general analysis of all submissions with the purpose of selecting a subset of the submitted designs for further scrutiny. The designs were scrutinized based on criteria of security, performance (with respect to the block cipher AES—a US Government approved standard, as well as the other candidates), simplicity and flexibility, justification and supporting analysis, and clarity and completeness of the documentation. Submissions in Profile 1 were only accepted if they demonstrated software performance superior to AES-128 in counter mode.
Activities in Phase 1 included a large amount of analysis and presentations of analysis results as well as discussion. The project also developed a framework for testing the performance of the candidates. The framework was then used to benchmark the candidates on a wide variety of systems.
On 27 March 2006, the eSTREAM project officially announced the end of Phase 1.
Phase 2
On 1 August 2006, Phase 2 was officially started. For each of the profiles, a number of algorithms has been selected to be Focus Phase 2 algorithms. These are designs that eSTREAM finds of particular interest and encourages more cryptanalysis and performance evaluation on these algorithms. Additionally a number of algorithms for each profile are accepted as Phase 2 algorithms, meaning that they are still valid as eSTREAM candidates. The Focus 2 candidates will be re-classified every six months.
Phase 3
Phase 3 started in April 2007. Candidates for Profile 1 (software) were:
- CryptMT (version 3)
- Dragon
- HC (HC-128 and HC-256)
- LEX (LEX-128, LEX-192 and LEX-256)
- NLS (NLSv2, encryption only, not authentication)
- Rabbit
- Salsa20/12
- SOSEMANUK
Candidates for Profile 2 (hardware) were:
- DECIM (DECIM v2 and DECIM-128)
- F-FCSR (F-FCSR-H v2 and F-FCSR-16)
- Grain (Grain v1 and Grain-128)
- MICKEY (MICKEY 2.0 and MICKEY-128 2.0)
- Moustique, Pomaranch (version 3)
- Trivium
Phase 3 ended on 15 April 2008, with the announcement of the candidates that had been selected for the final eSTREAM portfolio. The selected algorithms were:
- For Profile 1: HC-128, Rabbit, Salsa20/12, and SOSEMANUK.
- For Profile 2: F-FCSR-H v2, Grain v1, Mickey v2, and Trivium.
Submissions
| Key | |
|---|---|
| P | In the eSTREAM profile |
| Formerly in the eSTREAM profile | |
| 3 | A "Phase 3" cipher |
| F | a "Focus Phase 2" cipher |
| 2 | A "Phase 2" cipher |
| A | An "archived" cipher |
| M | Includes a MAC |
| pat | Patented or patent pending; some uses require a license |
| Was pat, now free for any use |
In eSTREAM portfolio
The eSTREAM portfolio ciphers are, as of January 2012[update]:
| Profile 1 (software) |
Profile 2 (hardware) |
|---|---|
| 128-bit key | 80-bit key |
| HC-128 | Grain v1 |
| Rabbit | MICKEY 2.0 |
| Salsa20/12 | Trivium |
| SOSEMANUK | - |
Versions of the eSTREAM portfolio ciphers that support extended key lengths:
| Profile 1 (software) |
Profile 2 (hardware) |
|---|---|
| 256-bit key | 128-bit key |
| HC-256 | - |
| - | MICKEY-128 2.0 |
| Salsa20/12 | - |
| - | - |
Note that the 128-bit version of Grain v1 is no longer supported by its designers and has been replaced by Grain-128a. Grain-128a is not considered to be part of the eSTREAM portfolio.
As of December 2008[update]:
| Cipher | eSTREAM webpage |
Profile 1 (software) |
Profile 2 (hardware) |
Properties | Submitters |
|---|---|---|---|---|---|
| Grain | [8] | PF | Martin Hell, Thomas Johansson and Willi Meier | ||
| HC-256 (HC-128, HC-256) | [9] | PF | Hongjun Wu | ||
| MICKEY (MICKEY 2.0, MICKEY-128 2.0) | [10] | PF | Steve Babbage and Matthew Dodd | ||
| Rabbit | [11] | P | 2 | Martin Boesgaard, Mette Vesterager, Thomas Christensen and Erik Zenner | |
| Salsa20 | [12] | PF | 2 | Daniel J. Bernstein | |
| SOSEMANUK | [13] | P | Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert |
||
| Trivium | [14] | PF | Christophe De Cannière and Bart Preneel |
No longer in eSTREAM portfolio
This cipher was in the original portfolio but was removed in revision 1, published in September 2008.
| Cipher | eSTREAM webpage |
Profile 1 (software) |
Profile 2 (hardware) |
Properties | Submitters |
|---|---|---|---|---|---|
| F-FCSR (F-FCSR-H v2, F-FCSR-16) | [15] | Thierry Berger, François Arnault and Cédric Lauradoux |
Selected as Phase 3 candidates but not for the portfolio
| Cipher | eSTREAM webpage |
Profile 1 (software) |
Profile 2 (hardware) |
Properties | Submitters |
|---|---|---|---|---|---|
| CryptMT (version 3) | [16] | 3 | pat | Makoto Matsumoto, Hagita Mariko, Takuji Nishimura and Matsuo Saito |
|
| DECIM (DECIM v2, DECIM-128) | [17] | 3 | pat | Come Berbain, Olivier Billet, Anne Canteaut, Nicolas Courtois, Blandine Debraize, Henri Gilbert, Louis Goubin, Aline Gouget, Louis Granboulan, Cédric Lauradoux, Marine Minier, Thomas Pornin and Hervé Sibert |
|
| Dragon | [18] | 3F | Ed Dawson, Kevin Chen, Matt Henricksen, William Millan, Leonie Simpson, HoonJae Lee, SangJae Moon |
||
| Edon80 | [19] | 3 | Danilo Gligoroski, Smile Markovski, Ljupco Kocarev and Marjan Gusev |
||
| LEX | [20] | 3F | 2 | Alex Biryukov | |
| MOSQUITO (aka Moustique) | [21] | 3 | Joan Daemen and Paris Kitsos | ||
| NLS (NLSv2, encryption-only) | [22] | 3 | Gregory Rose, Philip Hawkes, Michael Paddon and Miriam Wiggers de Vries |
||
| Pomaranch (version 3) | [23] | 3 | Tor Helleseth, Cees Jansen and Alexander Kolosha |
Selected as Phase 2 focus candidates but not as Phase 3 candidates
| Cipher | eSTREAM webpage |
Profile 1 (software) |
Profile 2 (hardware) |
Properties | Submitters |
|---|---|---|---|---|---|
| Phelix | [24] | F | F | M | Doug Whiting, Bruce Schneier, Stefan Lucks and Frédéric Muller |
| Py | [25] | F | Eli Biham and Jennifer Seberry |
Selected as Phase 2 candidates but not as focus or Phase 3 candidates
| Cipher | eSTREAM webpage |
Profile 1 (software) |
Profile 2 (hardware) |
Properties | Submitters |
|---|---|---|---|---|---|
| ABC | [26] | 2 | Vladimir Anashin, Andrey Bogdanov, Ilya Kizhvatov and Sandeep Kumar |
||
| Achterbahn | [27] | 2 | Berndt Gammel, Rainer Göttfert and Oliver Kniffler | ||
| DICING | [28] | 2 | Li An-Ping | ||
| Hermes8 | [29] | A | 2 | Ulrich Kaiser | |
| NLS | [30] | 2 | 2 | Gregory Rose, Philip Hawkes, Michael Paddon and Miriam Wiggers de Vries |
|
| Polar Bear | [31] | 2 | 2 | Johan Håstad and Mats Näslund | |
| Pomaranch | [32] | A | 2 | Cees Jansen and Alexander Kolosha | |
| SFINKS | [33] | 2 | M | An Braeken, Joseph Lano, Nele Mentens, Bart Preneel and Ingrid Verbauwhede |
|
| TSC-3 | [34] | 2 | Jin Hong, Dong Hoon Lee, Yongjin Yeom, Daewan Han and Seongtaek Chee |
||
| VEST | [35] | 2 | M pat | Sean O'Neil, Benjamin Gittins and Howard Landman | |
| WG | [36] | 2 | Guang Gong and Yassir Nawaz | ||
| Yamb | [37] | 2 | 2 | LAN Crypto | |
| ZK-Crypt | [38] | 2 | M pat | Carmi Gressel, Ran Granot and Gabi Vago |
Not selected as focus or Phase 2 candidates
| Cipher | eSTREAM webpage |
Profile 1 (software) |
Profile 2 (hardware) |
Properties | Submitters |
|---|---|---|---|---|---|
| Frogbit | [39] | A | M pat | Thierry Moreau | |
| Fubuki | [40] | A | pat | Makoto Matsumoto, Hagita Mariko, Takuji Nishimura and Matsuo Saito |
|
| MAG | [41] | A | A | Rade Vuckovac | |
| Mir-1 | [42] | A | Alexander Maximov | ||
| SSS | [43] | A | A | M | Gregory Rose, Philip Hawkes, Michael Paddon and Miriam Wiggers de Vries |
| TRBDK3 YAEA | [44] | A | A | Timothy Brigham |
See also
- AES process
- CAESAR Competition – Competition to design authenticated encryption schemes
- NESSIE
- CRYPTREC