Key generator
Algorithm used to generate cryptographic keys
From Wikipedia, the free encyclopedia
A key generator (or keygen) in cryptography is a protocol or algorithm used to generate a sequence with pseudo-random characteristics for use as an encryption key.[1][2][3] The generated sequence is used as an encryption key at one end of communication and as a decryption key at the other.
Key generators can be implemented in systems designed to generate, distribute, and authenticate[4] keys for public key cryptography, where without the private key, one cannot access information encrypted with the public key.[5]
Requirements
For a key generator to be cryptographically secure, its output must have several properties:[6]
- Uncorrelated sequences – no sequence of any given length should be correlated to any other sequence of the algorithm's output
- Long period – the sequence should not repeat for a very long time
- Uniform distribution – the output bits should be uniformly distributed
- Unpredictability – it should be computationally infeasible to predict future output given past output
Key generators typically rely on sources of entropy to seed their algorithms, which may be hardware-based (such as electronic noise or timing variations) or software-based.[6]
Types
Symmetric key generators
Symmetric key generators produce a single shared key used for both encryption and decryption. These generators often use pseudorandom number generators (PRNGs) seeded with entropy from various sources. Modern standards such as NIST SP 800-90 specify approved random bit generators for this purpose.[7]
Keystream generators
In stream ciphers, a keystream generator produces a continuous stream of pseudorandom bits that are combined with the plaintext using the XOR operation.[8] The keystream generator takes a relatively short key (typically 80–256 bits) and an initialization vector (IV) and expands them into a much longer keystream.[9]
Examples
Common key generator implementations include:
- Linear-feedback shift registers (LFSRs) – widely used in hardware implementations due to their simplicity, though typically combined with non-linear functions to improve security[8]
- A5/1 – the stream cipher used for GSM mobile phone encryption, based on three irregularly clocked LFSRs[10]
- Trivium – an eSTREAM finalist stream cipher using three interconnected shift registers[11]
- Grain – a lightweight stream cipher using both linear and non-linear feedback shift registers[9]
- Solitaire (or Pontifex) cipher – a manual keystream generator using a deck of playing cards