We give an outline of the specification and provable security

features of the QUAD stream cipher proposed at Eurocrypt 2006.

The cipher relies on the iteration of a multivariate system of quadratic

equations over a finite field, typically GF(2) or a small extension. In the

binary case, the security of the keystream generation can be related, in

the concrete security model, to the conjectured intractability of the MQ

problem of solving a random system of m equations in n unknowns. We

show that this security reduction can be extended to incorporate the key

and IV setup and provide a security argument related to the whole stream

cipher.We also briefly address software and hardware performance issues

and show that if one is willing to pseudorandomly generate the systems

of quadratic polynomials underlying the cipher, this leads to suprisingly

inexpensive hardware implementations of QUAD.