Improved Key Recovery Attacks on Reduced-Round Salsa20 and ChaCha

  • Conference paper
Information Security and Cryptology – ICISC 2012 (ICISC 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7839)

Abstract

Salsa20 is a stream cipher designed by Bernstein in 2005, and Salsa20/12 has been selected into the final portfolio of the eSTREAM Project. ChaCha is a variant of Salsa20 with faster diffusion for similar performance. The previous best results on Salsa20 and ChaCha, proposed by Aumasson et al., exploit differential properties combined with probabilistic neutral bits (PNB). In this paper, we extend their approach by considering a new type of distinguisher, named (column and row) chaining distinguishers. In addition, we exhibit new high-probability second-order differential trails not covered by the previous methods, generalize the notion of PNB to probabilistic neutral vectors (PNV), and show that the set of PNV is no smaller than that of PNB. Based on these findings, we present improved key recovery attacks on reduced-round Salsa20 and ChaCha. Both the time and data complexities of our attacks are smaller than those of the best former results.

This work was supported by the programs of the National Natural Science Foundation of China (Grant No. 60833008, 60603018, 61173134, 91118006, 61272476), the Strategic Priority Research Program of the Chinese Academy of Sciences (Grant No. XDA06010701) and the National Grand Fundamental Research 973 Program of China (Grant No. 2013CB338002).

References

  1. Bernstein, D.J.: Salsa20. Technical Report 2005/025, eSTREAM, ECRYPT Stream Cipher Project, http://cr.yp.to/snuffle.html

  2. The eSTREAM project, http://www.ecrypt.eu.org/stream/

  3. Bernstein, D.J.: Salsa20/8 and Salsa20/12. Technical Report 2006/007, eSTREAM, ECRYPT Stream Cipher Project, http://cr.yp.to/snuffle/812.pdf

  4. Bernstein, D.J.: ChaCha, a variant of Salsa20, http://cr.yp.to/chacha.html

  5. Crowley, P.: Truncated differential cryptanalysis of five rounds of Salsa20. In: Stream Ciphers Revisited - SASC 2006 (2006)

  6. Velichkov, V., Mouha, N., De Cannière, C., Preneel, B.: UNAF: A Special Set of Additive Differences with Application to the Differential Analysis of ARX. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 287–305. Springer, Heidelberg (2012)

  7. Fischer, S., Meier, W., Berbain, C., Biasse, J.-F., Robshaw, M.J.B.: Non-randomness in eSTREAM Candidates Salsa20 and TSC-4. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 2–16. Springer, Heidelberg (2006)

  8. Tsunoo, Y., Saito, T., Kubo, H., Suzaki, T., Nakashima, H.: Differential cryptanalysis of Salsa20/8. In: The State of the Art of Stream Ciphers - SASC 2007 (2007)

  9. Aumasson, J.-P., Fischer, S., Khazaei, S., Meier, W., Rechberger, C.: New features of Latin dances: analysis of Salsa, ChaCha, and Rumba. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 470–488. Springer, Heidelberg (2008)

  10. Siegenthaler, T.: Decrypting a class of stream ciphers using ciphertext only. IEEE Transactions on Computers 34(1), 81–85 (1985)

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Shi, Z., Zhang, B., Feng, D., Wu, W. (2013). Improved Key Recovery Attacks on Reduced-Round Salsa20 and ChaCha. In: Kwon, T., Lee, MK., Kwon, D. (eds) Information Security and Cryptology – ICISC 2012. ICISC 2012. Lecture Notes in Computer Science, vol 7839. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37682-5_24

  • DOI: https://doi.org/10.1007/978-3-642-37682-5_24

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-37681-8

  • Online ISBN: 978-3-642-37682-5

  • eBook Packages: Computer Science (R0)
