Paper 2015/217
Salsa20 Cryptanalysis: New Moves and Revisiting Old Styles
Subhamoy Maitra, Goutam Paul, and Willi Meier
Abstract
In this paper, we revisit some existing techniques in Salsa20 cryptanalysis, and provide some new ideas as well. As a new result, we explain how a valid initial state can be obtained from a Salsa20 state after one round. This helps in studying the non-randomness of Salsa20 after 5 rounds. In particular, it can be seen that the 5-round bias reported by Fischer et al. (Indocrypt 2006) is a special case of our analysis. Towards improving the existing results, we revisit the idea of Probabilistic Neutral Bit (PNB) and how a proper choice of certain parameters reduces the complexity of the existing attacks. For cryptanalysis against 8-round Salsa20, we could achieve the key search complexity of $2^{247.2}$ compared to $2^{251}$ (FSE 2008) and $2^{250}$ (ICISC 2012).
Metadata
- Category: Secret-key cryptography
- Publication info: Published elsewhere. Minor revision. WCC 2015
- Keywords: Stream Cipher, Salsa20, Salsa2012, Non-Randomness, Round Reversal, Probabilistic Neutral Bit (PNB), ARX Cipher.
- Contact author(s): subho @ isical ac in
- History: 2015-03-08: received
- Short URL: https://ia.cr/2015/217
- License: CC BY
BibTeX
@misc{cryptoeprint:2015/217,
      author = {Subhamoy Maitra and Goutam Paul and Willi Meier},
      title = {Salsa20 Cryptanalysis: New Moves and Revisiting Old Styles},
      howpublished = {Cryptology {ePrint} Archive, Paper 2015/217},
      year = {2015},
      url = {https://eprint.iacr.org/2015/217}
}