Cryptographic ciphers, keyed one-way hashes and pseudo-random number generators are well known as the underpinnings of security systems and secure communication channels. The availability of good commercial-quality ciphers and one-way hashes has helped make commercial data traffic over the insecure Internet possible. One goal of a cipher used for communications is to encrypt and decrypt the channels between computers, routers and firewalls efficiently enough to scale smoothly from very high bandwidth fiber optic links down to slow telephone connections carrying Internet packet traffic, without significantly burdening the host computer's or router's processor. Unfortunately, the processing overhead of standard ciphers in a secure network protocol tends to be large compared with what the non-cryptographic part of that protocol requires. One-way hashes, keyed or not, add significantly to that burden when used in a secure network protocol.
Existing ciphers have generally been optimized with classic programming techniques, but even the best of these often yield only nominal gains. Ciphers are hard to optimize with techniques such as loop unrolling because they are designed precisely so that their internal operations cannot be simplified or short-cut, which is exactly what brute force attack methods that rely on simplifying the cryptographic processing would try to do. Even ciphers designed with modern microprocessor architectures in mind cannot always exploit wider registers, multiple instruction pipelines or on-chip caches. The problem is worse for one-way hashes, which by design mix and compress the bits of a data block in a deliberately irregular way, and which are therefore difficult to optimize well on modern microprocessors.
Among stream ciphers, Vernam ciphers stand out because they encrypt and decrypt very efficiently, by XORing the data with a keystream, without changing the payload size of network protocol packets. The cipher's own computational overhead is minimal, which makes it an extremely attractive candidate for enciphering network communications. Both the USA and Russia use a variant, the one-time pad, to encipher diplomatic and intelligence communications; with a truly random key that is never reused, it is unbreakable both in theory and in practice. It is impractical for a large-scale security system, however, because the key material, which must be as long as the total traffic and can never be reused, is enormous to distribute and manage.
In the early 1990s some stream ciphers were developed that use an internal PRNG, seeded with a random key, to generate a Vernam keystream. Notable examples are RC4 and SEAL. These ciphers are typically several times (roughly half an order of magnitude) faster than a comparable block cipher such as DES or AES. A main limitation is that a sequential keystream cannot be accessed at random: RC4 in particular cannot jump to an arbitrary position in a data stream without generating and discarding all the keystream before it, which limits its usefulness for datagram protocols such as IPv4, where packets may arrive out of order. (SEAL was designed to allow random access to its keystream, but shares the next problem.) Because their key setup costs are high, these ciphers are also poorly suited to a datagram protocol that may need to rekey frequently, often per packet.
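The two points above, that a Vernam cipher leaves payload sizes unchanged and that a sequential PRNG keystream cannot be addressed at random, are easiest to see in code. The following is an added example and not code from the original text: it implements RC4 only to show the structure of a sequential keystream (RC4 is broken and must not be used in new systems), and beside it a constructed seekable keystream, HMAC-SHA256 run in counter mode over (sequence number, block index), which is an illustration of the property rather than any standard cipher. The packet contents and key are made up.

```python
"""Vernam-style stream encryption over datagrams (added example)."""
import hashlib
import hmac


def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4: 256-swap key schedule, then n keystream bytes, strictly in order.

    Byte k cannot be obtained without first producing bytes 0..k-1, and
    every new key pays the 256-swap setup again.  Shown for structure only."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                         # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def seekable_keystream(key: bytes, seq: int, n: int) -> bytes:
    """Keystream for packet `seq`: block b = HMAC-SHA256(key, seq || b).

    Constructed for illustration, not a standard cipher.  A packet's
    keystream depends only on its sequence number, so packets can be
    processed in any order and no per-packet rekeying is needed."""
    out = bytearray()
    b = 0
    while len(out) < n:
        msg = seq.to_bytes(4, "big") + b.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        b += 1
    return bytes(out[:n])


def vernam(data: bytes, keystream: bytes) -> bytes:
    """XOR data with keystream; the output is exactly as long as the input."""
    if len(keystream) < len(data):
        raise ValueError("keystream too short")
    return bytes(d ^ k for d, k in zip(data, keystream))


def encrypt_datagrams(key: bytes, packets: list) -> list:
    """Encrypt each packet under its own keystream segment; returns (seq, ct)."""
    return [(seq, vernam(p, seekable_keystream(key, seq, len(p))))
            for seq, p in enumerate(packets)]


def decrypt_datagrams(key: bytes, arrived: list) -> dict:
    """Decrypt (seq, ct) pairs in whatever order they arrived."""
    return {seq: vernam(ct, seekable_keystream(key, seq, len(ct)))
            for seq, ct in arrived}


def rc4_decrypt_at(key: bytes, offset: int, ct: bytes) -> bytes:
    """Decrypt RC4 ciphertext that began at stream offset `offset`.

    All keystream before `offset` must be generated and thrown away, so the
    cost of a late or reordered packet grows with its position in the stream."""
    ks = rc4_keystream(key, offset + len(ct))
    return vernam(ct, ks[offset:])


if __name__ == "__main__":
    key = b"example-key-for-demo-only"          # constructed demo key
    packets = [b"pkt0 hello", b"pkt1 world", b"pkt2 !"]
    sent = encrypt_datagrams(key, packets)
    # Reordered arrival: packet 2 first, then 0, then 1.
    recovered = decrypt_datagrams(key, [sent[2], sent[0], sent[1]])
    assert [recovered[i] for i in range(3)] == packets
    assert all(len(ct) == len(p) for (_, ct), p in zip(sent, packets))
    print("reordered datagrams decrypted; payload sizes unchanged")
```

The RC4 key schedule is the "high key setup cost" the paragraph refers to: rekeying per packet means 256 swaps per packet before a single keystream byte is produced, whereas the counter-mode construction derives each packet's keystream directly from its sequence number.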
A security system that relies on a Vernam stream cipher requires a very good quality source of large amounts of random bits, delivered at a steady rate, for its keying material. Hardware random number generators typically cannot supply random bits fast enough for such a system.
Most secure network protocols protect the integrity and authenticity of packets in transit over an insecure channel. The usual method is a keyed one-way hash, or message authentication code (MAC). HMAC, using either the MD5 or the SHA-1 hash, has been used in recent Internet security protocols. The difficulty with either hash is that in a legacy protocol such as IPv4 there is not enough room in the packet header for all the bits of the hash output (128 bits for MD5, 160 for SHA-1); the usual remedy is to truncate the tag, as the IPsec HMAC-MD5-96 and HMAC-SHA-1-96 variants do by keeping the first 96 bits. Furthermore, these hashes were designed to protect large files of indeterminate size. Their design and implementation are often not suited to protocols that require very fast operation over packets with a known maximum size, such as the 65,535-byte limit of an IPv4 packet.
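How a truncated HMAC is used as a per-packet integrity check value, with the edge cases a receiver must handle (a tampered byte, a replayed packet, an oversized packet), as an added example that is not code from the original text. The 8-byte header layout (sequence number plus length) is an assumption for illustration and is not IPv4's or AH's; the 96-bit truncation is the one the IPsec HMAC-SHA-1-96 and HMAC-MD5-96 variants use. The key and packet contents are constructed.

```python
"""Per-packet authentication with a truncated HMAC (added example)."""
import hmac
import struct

IPV4_MAX_PACKET = 65535   # largest IPv4 datagram, in bytes
ICV_LEN = 12              # 96-bit integrity check value (truncated tag)
HEADER = struct.Struct("!II")   # constructed layout: sequence number, payload length


def build_packet(seq: int, payload: bytes) -> bytes:
    """Constructed packet: 4-byte sequence number, 4-byte length, payload."""
    if HEADER.size + len(payload) + ICV_LEN > IPV4_MAX_PACKET:
        raise ValueError("packet exceeds IPv4 maximum")
    return HEADER.pack(seq, len(payload)) + payload


def compute_icv(key: bytes, packet: bytes, hash_name: str = "sha1") -> bytes:
    """HMAC over the whole packet, keeping only the leading ICV_LEN bytes."""
    return hmac.new(key, packet, hash_name).digest()[:ICV_LEN]


def seal(key: bytes, seq: int, payload: bytes) -> bytes:
    """Packet followed by its truncated ICV, ready to put on the wire."""
    pkt = build_packet(seq, payload)
    return pkt + compute_icv(key, pkt)


def open_packet(key: bytes, wire: bytes, seen: set):
    """Verify the ICV in constant time, then reject replays.

    Returns (seq, payload) on success or None if the packet is rejected.
    `seen` holds sequence numbers already accepted under this key."""
    if len(wire) < HEADER.size + ICV_LEN:
        return None
    pkt, icv = wire[:-ICV_LEN], wire[-ICV_LEN:]
    # Check the tag before trusting any field; compare_digest is constant-time.
    if not hmac.compare_digest(compute_icv(key, pkt), icv):
        return None
    seq, length = HEADER.unpack(pkt[:HEADER.size])
    if length != len(pkt) - HEADER.size:
        return None
    if seq in seen:           # authentic but replayed
        return None
    seen.add(seq)
    return seq, pkt[HEADER.size:]


if __name__ == "__main__":
    key = b"demo-key-not-for-real-use"     # constructed demo key
    seen = set()
    wire = seal(key, 1, b"GET /index.html")
    assert open_packet(key, wire, seen) == (1, b"GET /index.html")
    tampered = wire[:12] + bytes([wire[12] ^ 0x01]) + wire[13:]
    assert open_packet(key, tampered, seen) is None   # one flipped payload bit
    assert open_packet(key, wire, seen) is None       # replay of a seen packet
    print("authentic packet accepted; tampered and replayed packets rejected")
```

Truncating to 96 bits keeps the tag small enough for a fixed header field while leaving a forgery probability of 2^-96 per attempt; the sequence number must be covered by the MAC, as here, or an attacker could replay an old packet under a new number.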