Basics.
In symmetric cryptography, encryption and decryption of a plaintext is done using the same key (unlike public-key cryptography). Trivium is a symmetric cipher and more specifically a stream cipher, meaning that a stream of random-looking (pseudorandom) bits is used for encryption/decryption (in contrast to a block ciphers where the plaintext is split into chunks). During the encryption phase the plaintext is XORed with the so-called key stream / output stream to give the ciphertext. Decryption is done analogously, i.e. the ciphertext is XORed with the key stream to give the original plaintext.
NLFSR.
A main building block of Trivium are so-called nonlinear-feedback shift registers (NLFSRs), which are extremely efficient to implement in hardware.
An NLFSR consist of an array of registers, where the size of the array is known as the degree of the NLFSR. Additionally, a feedback loop is specified by a set of boolean feedback coefficients.
The state of an NLFSR is updated in each "clock tick" by shifting the values in all the registers to the right and setting the new value of the left-most register equal to some nonlinear function of some subset of the current registers determined by the feedback coefficients. At each clock tick the NLFSR outputs the value of the right-most register. If the NLFSR has degree $n$, then the first $n$ bits of the output stream are exactly the initial state.
Background.
The Trivium stream cipher was selected as part of the portfolio of the eSTREAM project, a European effort completed in 2008 whose goal was to develop new stream ciphers. Its design was intended to have a simple description and a compact hardware description.
Trivium.
Trivium uses three coupled NLFSRs, call them $A$, $B$, and $C$, having degrees $93$, $84$, and $111$, respectively. The state of Trivium is simply the $288$ bits comprising the values in all the registers of the three NLFSRs. At each clock tick, the output of each NLFSR is XORed with the right-most register and one additional register; the output of Trivium is the XOR of the output bits of the three NLFSRs.
At each clock tick, the new value of the left-most register of each NLFSR is computed as a function of one of the registers in the same NLFSR and a subset of the registers from a second NLFSR.
Trivium uses an $80$-bit key and a $80$-bit initialisation vector (IV). The key is loaded into the $80$ left-most registers of $A$, and the IV is loaded into the $80$ left-most registers of $B$. The remaining registers are set to $0$, except for the three right registers of $C$, which are set to $1$. The NLFSRs are then run for $4\cdot 288$ clock ticks, (with the output discarded), and the resulting state is taken as the initial state. The cipher specification states that at most $2^{64}$ key stream bits can be generated from each key / IV pair.
Reference
Jonathan Katz and Yehuda Lindell. 2021. Introduction to Modern Cryptography, Second Edition (3rd. ed.). Chapman & Hall/CRC.
