### Salsa20 Cryptanalysis: New Moves and Revisiting Old Styles

Subhamoy Maitra, Goutam Paul, and Willi Meier

##### Abstract

In this paper, we revisit some existing techniques in Salsa20 cryptanalysis, and provide some new ideas as well. As a new result, we explain how a valid initial state can be obtained from a Salsa20 state after one round. This helps in studying the non-randomness of Salsa20 after 5 rounds. In particular, it can be seen that the 5-round bias reported by Fischer et al. (Indocrypt 2006) is a special case of our analysis. Towards improving the existing results, we revisit the idea of Probabilistic Neutral Bit (PNB) and how a proper choice of certain parameters reduces the complexity of the existing attacks. For cryptanalysis against 8-round Salsa20, we could achieve the key search complexity of $2^{247.2}$ compared to $2^{251}$ (FSE 2008) and $2^{250}$ (ICISC 2012).

Category
Secret-key cryptography
Publication info
Published elsewhere. MINOR revision. WCC 2015
Keywords
Stream Cipher, Salsa20, Salsa2012, Non-Randomness, Round Reversal, Probabilistic Neutral Bit (PNB), ARX Cipher.
Contact author(s)
subho @ isical ac in
Short URL
https://ia.cr/2015/217

CC BY

BibTeX

@misc{cryptoeprint:2015/217,
author = {Subhamoy Maitra and Goutam Paul and Willi Meier},
title = {Salsa20 Cryptanalysis: New Moves and Revisiting Old Styles},
howpublished = {Cryptology ePrint Archive, Paper 2015/217},
year = {2015},
note = {\url{https://eprint.iacr.org/2015/217}},
url = {https://eprint.iacr.org/2015/217}
}
