[Cryptography] Stream Cipher over Unreliable Transport

Sid Spry sid at aeam.us
Wed Jul 1 23:27:32 EDT 2020


Hello list,

I'm assuming the title has been done before. I am having some trouble turning up good examples of an implementation. Most stream ciphers I can find discussed assume transport integrity.

My algorithm-agnostic design is:

1[sequence number] | 2[ 3[signature] 4[sequence number] 5[data] ]

Though this is still packetized. Estimated acceptable packet size is 1024 bytes or less, ~256 bytes preferred.

The first block is a sequence number directly encoding stream cipher state so that messages may be missed. The second block is the encrypted payload which contains a signature for authenticity followed by a sequence number which must match to avoid replay attacks, followed by the data. (Or, alternatively, the internal sequence number can correspond to the external one by some secret relation.) The cipher will be set up by a separate, slower but reliable transport so the stream cipher initialization can be exchanged as well as the signing key.

Is this sound? Is there something already in existence? The best I remember but cannot re-find is a disk encryption block mode that allows for missing blocks that I could repurpose. My imagined selection is one of ChaCha20, AES-CTR block mode, or something based on the Mersenne Twister, if any of those aren't patent-encumbered.

I've also found https://www.schneier.com/academic/archives/2005/01/phelix.html, the evolution of an earlier stream cipher with built-in MAC. However, this looks to also assume transport integrity.

Cheers.
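
The packet layout described in the post, as an added example that is not part of the original message or the poster's code: the outer sequence number seeks the keystream, so lost and reordered packets still decrypt, and the inner copy plus the tag reject replays and tampering. Assumptions: HMAC-SHA256 used as a counter-mode PRF stands in for ChaCha20 or AES-CTR, a truncated HMAC plays the role of the "signature", sequence numbers are 8 bytes big-endian, and all function and class names are hypothetical.

```python
import hashlib, hmac, struct

TAG_LEN = 16  # assumption: HMAC-SHA256 truncated to 128 bits as the "signature"

def keystream(enc_key, seq, length):
    # Stand-in for a seekable stream cipher (ChaCha20, AES-CTR): HMAC-SHA256
    # used as a PRF over (sequence number, block counter). Stdlib only.
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">QI", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal(enc_key, mac_key, seq, data):
    inner = struct.pack(">Q", seq)                        # field 4: inner sequence number
    tag = hmac.new(mac_key, inner + data, hashlib.sha256).digest()[:TAG_LEN]  # field 3
    plain = tag + inner + data                            # field 2 before encryption
    return inner + xor(plain, keystream(enc_key, seq, len(plain)))  # field 1 | field 2

class Receiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.seen = set()  # simplification: a real receiver would bound this with a window

    def open(self, packet):
        if len(packet) < 8 + TAG_LEN + 8:
            return None                                   # too short to hold all fields
        outer = packet[:8]
        (seq,) = struct.unpack(">Q", outer)
        if seq in self.seen:
            return None                                   # replay of an accepted packet
        plain = xor(packet[8:], keystream(self.enc_key, seq, len(packet) - 8))
        tag, inner, data = plain[:TAG_LEN], plain[TAG_LEN:TAG_LEN + 8], plain[TAG_LEN + 8:]
        good = hmac.new(self.mac_key, inner + data, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, good) or inner != outer:
            return None                                   # tampered, or sequence numbers disagree
        self.seen.add(seq)                                # record only after authentication
        return data

def demo():
    ek, mk = b"E" * 32, b"M" * 32                         # constructed keys
    pkts = {n: seal(ek, mk, n, b"msg%d" % n) for n in range(4)}
    rx = Receiver(ek, mk)
    bad = pkts[0][:-1] + bytes([pkts[0][-1] ^ 1])         # one flipped ciphertext bit
    # Packet 1 is lost; 3 arrives before 2; 3 is replayed; 0 is tampered, then genuine.
    return [rx.open(p) for p in (pkts[3], pkts[2], pkts[3], bad, pkts[0])]
```

The sequence number is marked as seen only after the tag verifies, so a forged packet cannot block the genuine packet that carries the same number.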

