Key generator

A key generator (or keygen) in cryptography is a protocol or algorithm used to generate a sequence with pseudo-random characteristics for use as an encryption key. The generated sequence is used as an encryption key at one end of communication and as a decryption key at the other.

Key generators can be implemented in systems designed to generate, distribute, and authenticate keys for public key cryptography, where without the private key, one cannot access information encrypted with the public key.

Requirements

For a key generator to be cryptographically secure, its output must have several properties:

• Uncorrelated sequences – no sequence of any given length should be correlated to any other sequence of the algorithm's output
• Long period – the sequence should not repeat for a very long time
• Uniform distribution – the output bits should be uniformly distributed
• Unpredictability – it should be computationally infeasible to predict future output given past output

Key generators typically rely on sources of entropy to seed their algorithms, which may be hardware-based (such as electronic noise or timing variations) or software-based.

Types

Symmetric key generators

Symmetric key generators produce a single shared key used for both encryption and decryption. These generators often use pseudorandom number generators (PRNGs) seeded with entropy from various sources. Modern standards such as NIST SP 800-90 specify approved random bit generators for this purpose.

Keystream generators

In stream ciphers, a keystream generator produces a continuous stream of pseudorandom bits that are combined with the plaintext using the XOR operation. The keystream generator takes a relatively short key (typically 80–256 bits) and an initialization vector (IV) and expands them into a much longer keystream.

Examples

Common key generator implementations include:

• Linear-feedback shift registers (LFSRs) – widely used in hardware implementations due to their simplicity, though typically combined with non-linear functions to improve security
• A5/1 – the stream cipher used for GSM mobile phone encryption, based on three irregularly clocked LFSRs
• Trivium – an eSTREAM finalist stream cipher using three interconnected shift registers
• Grain – a lightweight stream cipher using both linear and non-linear feedback shift registers
• Solitaire (or Pontifex) cipher – a manual keystream generator using a deck of playing cards

See also

• Key derivation function
• Key generation
• Cryptographically secure pseudorandom number generator
• Key management
• Stream cipher

References