Paper 2020/1049

Rotational analysis of ChaCha permutation

Stefano Barbero, Emanuele Bellini, and Rusydi Makarim

Abstract

We show that the underlying permutation of ChaCha20 stream cipher does not behave as a random permutation for up to 17 rounds with respect to rotational cryptanalysis. In particular, we derive a lower and an upper bound for the rotational probability through ChaCha quarter round, we show how to extend the bound to a full round and then to the full permutation. The obtained bounds show that the probability to find what we call a parallel rotational collision is, for example, less than $2^{-488}$ for 17 rounds of ChaCha permutation, while for a random permutation of the same input size, this probability is $2^{-511}$. We remark that our distinguisher is not an attack to ChaCha20 stream cipher, but rather a theoretical analysis of its internal permutation from the point of view of rotational cryptanalysis.

Metadata
Available format(s)
PDF
Category
Secret-key cryptography
Publication info
Preprint. MINOR revision.
Keywords
ChaCha20Stream CipherRotational cryptanalysisPermutationDistinguisher
Contact author(s)
eemanuele bellini @ gmail com
History
2020-09-01: received
Short URL
https://ia.cr/2020/1049
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2020/1049,
      author = {Stefano Barbero and Emanuele Bellini and Rusydi Makarim},
      title = {Rotational analysis of {ChaCha} permutation},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1049},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1049}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.