Significantly Improved Multi-bit Differentials for Reduced Round Salsa and ChaCha
ChaCha and Salsa are two software oriented stream ciphers that have attracted serious attention in academic as well as commercial domain. The most important cryptanalysis of reduced versions of these ciphers was presented by Aumasson et al. in FSE 2008. One part of their attack was to apply input di...
Saved in:
| Published in | IACR Transactions on Symmetric Cryptology pp. 261 - 287 |
|---|---|
| Main Authors | , |
| Format | Journal Article |
| Language | English |
| Published |
Ruhr-Universität Bochum
01.02.2017
|
| Subjects | |
| Online Access | Get full text |
| ISSN | 2519-173X |
| DOI | 10.13154/tosc.v2016.i2.261-287 |
Cover
| Abstract | ChaCha and Salsa are two software oriented stream ciphers that have attracted serious attention in academic as well as commercial domain. The most important cryptanalysis of reduced versions of these ciphers was presented by Aumasson et al. in FSE 2008. One part of their attack was to apply input difference(s) to investigate biases after a few rounds. So far there have been certain kind of limited exhaustive searches to obtain such biases. For the first time, in this paper, we show how to theoretically choose the combinations of the output bits to obtain significantly improved biases. The main idea here is to consider the multi-bit differentials as extension of suitable single-bit differentials with linear approximations, which is essentially a differential-linear attack. As we consider combinations of many output bits (for example 19 for Salsa and 21 for ChaCha), exhaustive search is not possible here. By this method we obtain very high biases for linear combinations of bits in Salsa after 6 rounds and in ChaCha after 5 rounds. These are clearly two rounds of improvement for both the ciphers over the existing works. Using these biases we obtain several significantly improved cryptanalytic results for reduced round Salsa and ChaCha that could not b obtained earlier. In fact, with our results it is now possible to cryptanalyse 6-round Salsa and 5-round ChaCha in practical time. |
|---|---|
| AbstractList | ChaCha and Salsa are two software oriented stream ciphers that have attracted serious attention in academic as well as commercial domain. The most important cryptanalysis of reduced versions of these ciphers was presented by Aumasson et al. in FSE 2008. One part of their attack was to apply input difference(s) to investigate biases after a few rounds. So far there have been certain kind of limited exhaustive searches to obtain such biases. For the first time, in this paper, we show how to theoretically choose the combinations of the output bits to obtain significantly improved biases. The main idea here is to consider the multi-bit differentials as extension of suitable single-bit differentials with linear approximations, which is essentially a differential-linear attack. As we consider combinations of many output bits (for example 19 for Salsa and 21 for ChaCha), exhaustive search is not possible here. By this method we obtain very high biases for linear combinations of bits in Salsa after 6 rounds and in ChaCha after 5 rounds. These are clearly two rounds of improvement for both the ciphers over the existing works. Using these biases we obtain several significantly improved cryptanalytic results for reduced round Salsa and ChaCha that could not b obtained earlier. In fact, with our results it is now possible to cryptanalyse 6-round Salsa and 5-round ChaCha in practical time. |
| Author | Subhamoy Maitra Arka Rai Choudhuri |
| Author_xml | – sequence: 1 fullname: Arka Rai Choudhuri organization: Department of Computer Science, Johns Hopkins University, 3400 N Charles St, Baltimore, MD 21218 – sequence: 2 fullname: Subhamoy Maitra organization: Applied Statistics Unit, Indian Statistical Institute, 203 B T Road, Kolkata 700 108 |
| BookMark | eNotjO1KwzAYhYMoOOduQXoDrX2TtGl-yvzYYCJuCv4rb75mRteMNBvs7i0qHHgOD4dzQy770FtC7qAsgEHF71MYdHGiJdSFpwWtIaeNuCATWoHMQbCvazIbhl1ZlrSRrOZyQt43ftt75zX2qTtny_0hhpM12euxSz5XPmWP3jkbbZ88dkPmQszW1hz1uFmHY2-yzagxw7HNv3HMLblyo7Kzf07J5_PTx3yRr95elvOHVW6ggpRbpXVZ1dIhWI6u5k4L7XgjhGQgpZKKNs5IcAwNBQ5WYsMldxYRHSrDpmT592sC7tpD9HuM5zagb39FiNsWY_K6s63mijHQggrKuUGpWINCcWmZomBZzX4AUq9iMw |
| ContentType | Journal Article |
| DBID | DOA |
| DOI | 10.13154/tosc.v2016.i2.261-287 |
| DatabaseName | DOAJ Directory of Open Access Journals |
| DatabaseTitleList | |
| Database_xml | – sequence: 1 dbid: DOA name: DOAJ Directory of Open Access Journals url: https://www.doaj.org/ sourceTypes: Open Website |
| DeliveryMethod | fulltext_linktorsrc |
| EISSN | 2519-173X |
| EndPage | 287 |
| ExternalDocumentID | oai_doaj_org_article_c4b331c727244da9b38a7b49e3b21e36 |
| GroupedDBID | ADBBV ALMA_UNASSIGNED_HOLDINGS BCNDV GROUPED_DOAJ |
| ID | FETCH-LOGICAL-d151t-ebcc0569fa1e4af64fc7cf487793199b9b28fd91f3ad2141e9a8494feaaafabd3 |
| IEDL.DBID | DOA |
| IngestDate | Wed Aug 27 01:28:22 EDT 2025 |
| IsDoiOpenAccess | true |
| IsOpenAccess | true |
| IsPeerReviewed | true |
| IsScholarly | true |
| Language | English |
| LinkModel | DirectLink |
| MergedId | FETCHMERGED-LOGICAL-d151t-ebcc0569fa1e4af64fc7cf487793199b9b28fd91f3ad2141e9a8494feaaafabd3 |
| OpenAccessLink | https://doaj.org/article/c4b331c727244da9b38a7b49e3b21e36 |
| PageCount | 27 |
| ParticipantIDs | doaj_primary_oai_doaj_org_article_c4b331c727244da9b38a7b49e3b21e36 |
| PublicationCentury | 2000 |
| PublicationDate | 2017-02-01 |
| PublicationDateYYYYMMDD | 2017-02-01 |
| PublicationDate_xml | – month: 02 year: 2017 text: 2017-02-01 day: 01 |
| PublicationDecade | 2010 |
| PublicationTitle | IACR Transactions on Symmetric Cryptology |
| PublicationYear | 2017 |
| Publisher | Ruhr-Universität Bochum |
| Publisher_xml | – name: Ruhr-Universität Bochum |
| SSID | ssj0002893649 |
| Score | 2.1991737 |
| Snippet | ChaCha and Salsa are two software oriented stream ciphers that have attracted serious attention in academic as well as commercial domain. The most important... |
| SourceID | doaj |
| SourceType | Open Website |
| StartPage | 261 |
| SubjectTerms | ARX Cipher Bias ChaCha Differential-Linear Cryptanalysis Non-Randomness Probabilistic Neutral Bit (PNB) Salsa Stream Cipher |
| Title | Significantly Improved Multi-bit Differentials for Reduced Round Salsa and ChaCha |
| URI | https://doaj.org/article/c4b331c727244da9b38a7b49e3b21e36 |
| hasFullText | 1 |
| inHoldings | 1 |
| isFullTextHit | |
| isPrint | |
| link | http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV1LS8QwEA6yJy-iqPgmB6_pNo9Nm6OuLoug4K4LeyuTl65IV7QK_nsnbQ978yL0UEIpzUyH75tk8g0hl9Jr6aLzTIICphCzmFUQGXCrRYilHoW0Dnn_oKcLdbccLTdafaWasE4euDPc0CkrJXdpv1ApD8bKEgqrTJBW8CBbse3c5BvJ1Gu3fSa1Mv2RYIk8YdisP132jXins5XI0rKLSHV0G0r9LaRMdslOzwXpVfcNe2Qr1Pvkcb56rlP9Dk757Yd2SX_wtD0pi3lsQ2_6niZN-nUokk46S_qr-Mws9UiicxwGCng3fgG8Dshicvs0nrK-7wHziL8NC9Y55CUmAg9oN62iK1zEzAJjiRtjjRVl9IZHCV5wxYOBUhkVAwBEsF4ekkG9rsMRoc6Vwcvc-wJtFpGiYkQXlptSQ4pcfkyu0_yr907aokpi0-0AuqDqXVD95YKT_3jJKdkWCTHbgugzMmg-vsI54n1jL1rX_gIWw6oY |
| linkProvider | Directory of Open Access Journals |
| openUrl | ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Significantly+Improved+Multi-bit+Differentials+for+Reduced+Round+Salsa+and+ChaCha&rft.jtitle=IACR+Transactions+on+Symmetric+Cryptology&rft.au=Arka+Rai+Choudhuri&rft.au=Subhamoy+Maitra&rft.date=2017-02-01&rft.pub=Ruhr-Universit%C3%A4t+Bochum&rft.eissn=2519-173X&rft.spage=261&rft.epage=287&rft_id=info:doi/10.13154%2Ftosc.v2016.i2.261-287&rft.externalDBID=DOA&rft.externalDocID=oai_doaj_org_article_c4b331c727244da9b38a7b49e3b21e36 |