Paper 2015/698
Chosen IV Cryptanalysis on Reduced Round ChaCha and Salsa
Subhamoy Maitra
Abstract
Recently, ChaCha20 (the stream cipher ChaCha with 20 rounds) is in the process of being a standard and thus it attracts serious interest in cryptanalysis. The most significant effort to analyse Salsa and ChaCha had been explained by Aumasson et al long back (FSE 2008) and further, only minor improvements could be achieved. In this paper, first we revisit the work of Aumasson et al to provide a clearer insight of the existing attack (2^{248} complexity for ChaCha7, i.e., 7 rounds) and showing certain improvements (complexity around 2^{243}) by exploiting additional Probabilistic Neutral Bits. More importantly, we describe a novel idea that explores proper choice of IVs corresponding to the keys, for which the complexity can be improved further (2^{239}). The choice of IVs corresponding to the keys is the prime observation of this work. We systematically show how a single difference propagates after one round and how the differences can be reduced with proper choices of IVs. For Salsa too (Salsa20/8, i.e., 8 rounds), we get improvement in complexity, reducing it to 2^{245.5} from 2^{247.2} reported by Aumasson et al.
Note: Some latex marks in the abstract are removed as per eprint Editor's suggestion. One paragraph added in contribution to explain the scenario more clearly. Acknowledgment is added too.
Metadata
- Available format(s)
-
PDF
- Category
- Secret-key cryptography
- Publication info
- Preprint. MINOR revision.
- Contact author(s)
- subho @ isical ac in
- History
- 2015-07-14: last of 2 revisions
- 2015-07-14: received
- See all versions
- Short URL
- https://ia.cr/2015/698
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2015/698,
author = {Subhamoy Maitra},
title = {Chosen {IV} Cryptanalysis on Reduced Round {ChaCha} and Salsa},
howpublished = {Cryptology {ePrint} Archive, Paper 2015/698},
year = {2015},
url = {https://eprint.iacr.org/2015/698}
}
