A key generator (or keygen) in cryptography is a protocol or algorithm used to generate a sequence with pseudo-random characteristics for use as an encryption key.[1][2][3] The generated sequence is used as an encryption key at one end of communication and as a decryption key at the other.
Key generators can be implemented in systems designed to generate, distribute, and authenticate[4] keys for public key cryptography, where without the private key, one cannot access information encrypted with the public key.[5]
For a key generator to be cryptographically secure, its output must have several properties:[6]
Uncorrelated sequences – no sequence of any given length should be correlated to any other sequence of the algorithm's output
Long period – the sequence should not repeat for a very long time
Uniform distribution – the output bits should be uniformly distributed
Unpredictability – it should be computationally infeasible to predict future output given past output
Key generators typically rely on sources of entropy to seed their algorithms, which may be hardware-based (such as electronic noise or timing variations) or software-based.[6]
Symmetric key generators produce a single shared key used for both encryption and decryption. These generators often use pseudorandom number generators (PRNGs) seeded with entropy from various sources. Modern standards such as NIST SP 800-90 specify approved random bit generators for this purpose.[7]
In stream ciphers, a keystream generator produces a continuous stream of pseudorandom bits that are combined with the plaintext using the XOR operation.[8] The keystream generator takes a relatively short key (typically 80–256 bits) and an initialization vector (IV) and expands them into a much longer keystream.[9]
Linear-feedback shift registers (LFSRs) – widely used in hardware implementations due to their simplicity, though typically combined with non-linear functions to improve security[8]
A5/1 – the stream cipher used for GSM mobile phone encryption, based on three irregularly clocked LFSRs[10]
Trivium – an eSTREAM finalist stream cipher using three interconnected shift registers[11]
Grain – a lightweight stream cipher using both linear and non-linear feedback shift registers[9]
Solitaire (or Pontifex) cipher – a manual keystream generator using a deck of playing cards
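The keystream construction and the required properties described above can be checked on a toy register. The following is an added example, not code from the original page: a 16-bit LFSR whose feedback polynomial, seed values and key/IV mixing are assumptions chosen for illustration. It shows a long period and near-uniform output, and also why a bare LFSR fails the unpredictability requirement and needs a non-linear component.

```python
# Added illustration: toy 16-bit Fibonacci LFSR keystream generator. NOT secure.
# Feedback polynomial x^16 + x^14 + x^13 + x^11 + 1 (maximal length) is an
# assumption of this example; the key/IV mixing below is hypothetical.

def step(state):
    """Advance the register one clock and return the new 16-bit state."""
    fb = (state ^ (state >> 2) ^ (state >> 3) ^ (state >> 5)) & 1
    return (state >> 1) | (fb << 15)

def output_bits(state, n):
    """Return the next n output bits (the low bit of each successive state)."""
    bits = []
    for _ in range(n):
        bits.append(state & 1)
        state = step(state)
    return bits

def period(start):
    """Long period: count clocks until the start state recurs."""
    state, n = step(start), 1
    while state != start:
        state, n = step(state), n + 1
    return n

def keystream(key, iv, nbytes):
    """Expand a short key and IV into nbytes of keystream."""
    seed = ((key ^ iv) & 0xFFFF) or 1      # the all-zero state never leaves zero
    bits = output_bits(seed, 8 * nbytes)
    return bytes(sum(b << i for i, b in enumerate(bits[j:j + 8]))
                 for j in range(0, len(bits), 8))

def xor_crypt(key, iv, data):
    """Encrypt or decrypt: XOR the data with the keystream (same operation)."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, iv, len(data))))

def predict_next(last16):
    """Bare LFSR is linear: s[t+16] = s[t] ^ s[t+2] ^ s[t+3] ^ s[t+5]."""
    return last16[0] ^ last16[2] ^ last16[3] ^ last16[5]

if __name__ == "__main__":
    msg = b"constructed sample plaintext"
    ct = xor_crypt(0xACE1, 0x1234, msg)
    print("round trip ok:", xor_crypt(0xACE1, 0x1234, ct) == msg)
    print("period:", period(0xACE1))
    print("ones in one period:", sum(output_bits(0xACE1, 65535)))
    s = output_bits(0xACE1, 64)
    print("all bits predicted:",
          all(predict_next(s[t:t + 16]) == s[t + 16] for t in range(48)))
```

Real designs use far larger state and a non-linear filter or irregular clocking, so that observed output does not determine the next bit the way it does here.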
Simpson, L.; Boztas, S. (2012). "State cycles, initialization and the Trivium stream cipher". Cryptography and Communications. 4: 245–258. doi:10.1007/s12095-012-0066-6.