Proving the biases of Salsa and ChaCha in differential attack | Designs, Codes and Cryptography Skip to main content
Springer Nature Link
Log in

Proving the biases of Salsa and ChaCha in differential attack

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

Salsa and ChaCha are two of the most famous stream ciphers in recent times. Most of the attacks available so far against these two ciphers are differential attacks, where a difference is given as an input in the initial state of the cipher and in the output some correlation is investigated. This correlation works as a distinguisher. All the key recovery attacks against these ciphers are based on these observed distinguishers. However, the distinguisher in the differential attack was purely an experimental observation, and the reason for this bias was unknown so far. In this paper, we provide a full theoretical proof of both the observed distinguishers for Salsa and ChaCha. In the key recovery attack, the idea of probabilistically neutral bit also plays a vital role. Here, we also theoretically explain the reason of a particular key bit of Salsa to be probabilistically neutral. This is the first attempt to provide a theoretical justification of the idea of differential key recovery attack against these two ciphers.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
¥17,985 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price includes VAT (Japan)

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Aumasson J.P., Fischer S., Khazaei S., Meier W., Rechberger C.: New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba. FSE 2008, LNCS 5086, pp. 470–488 (2008).

  2. Bernstein D.J.: Salsa20 specification. eSTREAM Project algorithm description (2005). http://www.ecrypt.eu.org/stream/salsa20pf.html.

  3. Bursztein E.: Speeding up and strengthening HTTPS connections for Chrome on Android (2014). https://security.googleblog.com/2014/04/speeding-up-and-strengthening-https.html.

  4. Choudhuri A.R., Maitra S.: Significantly improved multi-bit differentials for Reduced Round Salsa and ChaCha. IACR Trans. Symmetric Cryptol. 2016(2), 261–287 (2016). http://eprint.iacr.org/2016/1034.

  5. Crowley P.: Truncated differential cryptanalysis of five rounds of Salsa20. IACR 2005. http://eprint.iacr.org/2005/375.

  6. Deepthi K., Singh K.: Cryptanalysis of Salsa and ChaCha: revisited. In: International Conference on Mobile Networks and Management (2018).

  7. Dey S., Sarkar S.: Improved analysis for reduced round Salsa and ChaCha. Discret. Appl. Math. 227(2017), 58–69 (2017).

    Article  MathSciNet  Google Scholar 

  8. Dey S., Sarkar S.: Settling the mystery of \(Z_r=r\) in RC4. Cryptogr. Commun. 11(4), 697–715 (2019).

    Article  MathSciNet  Google Scholar 

  9. Dey S., Sarkar S.: Proving the forward bias of Salsa. In: Workshop on Coding and Cryptography (2019). https://www.lebesgue.fr/sites/default/files/proceedings_WCC/WCC_2019_paper_48.pdf.

  10. Dey S., Roy T., Sarkar S.: Revisiting the design principles of Salsa and ChaCha. Adv. Math. Commun. 13(3), 689–704 (2019).

    Article  MathSciNet  Google Scholar 

  11. Ding L.: Improved related-cipher attack on Salsa20 Stream Cipher. IEEE Access 7, 30197–30202 (2019).

    Article  Google Scholar 

  12. Fischer S., Meier W., Berbain C., Biasse J.F.: Non-randomness in eSTREAM Candidates Salsa20 and TSC-4. In: Indocrypt 2006, LNCS 4329, pp. 2–16 (2006).

  13. Isobe T., Ohigashi T., Watanabe Y., Morii M.: Full plaintext recovery attack on broadcast RC4. In: FSE 2013, LNCS 8424, pp. 179–202 (2013).

  14. Maitra S.: Chosen IV cryptanalysis on Reduced Round ChaCha and Salsa. Discret. Appl. Math. 208, 88–97 (2016).

    Article  MathSciNet  Google Scholar 

  15. Maitra S., Paul G., Meier W.: Salsa20 Cryptanalysis: New Moves and Revisiting Old Styles. WCC (2015). http://eprint.iacr.org/2015/217.

  16. Mantin I., Shamir A.: A practical attack on broadcast RC4. In: FSE, LNCS 2355, pp. 152–164 (2001).

  17. Neves S., Araujo F.: An observation on NORX, BLAKE2, and ChaCha. Inf. Process. Lett. (2019). https://doi.org/10.1016/j.ipl.2019.05.001.

    Article  MathSciNet  MATH  Google Scholar 

  18. Sengupta S., Maitra S., Paul G., Sarkar S.: (Non-)random sequences from (non-)random permutations—analysis of RC4 stream cipher. J. Cryptol. 27(1), 67–108 (2014). http://eprint.iacr.org/2011/448.

  19. Shi Z., Zhang B., Feng D., Wu W.: Improved key recovery attacks on Reduced-Round Salsa20 and ChaCha. In: ICISC, LNCS 7839, pp. 337–351 (2012).

  20. Tsunoo Y., Saito T., Kubo H., Suzaki T., Nakashima H.: Differential Cryptanalysis of Salsa20/8. SASC (2007). http://www.ecrypt.eu.org/stream/papersdir/2007/010.pdf.

Download references

Author information

Authors and Affiliations

  1. Department of Mathematics, Birla Institute of Technology and Science Pilani, Hyderabad, Jawahar Nagar, Hyderabad, 500078, India

    Sabyasachi Dey

  2. Department of Mathematics, Indian Institute of Technology Madras, Sardar Patel Road, Chennai, 600036, India

    Santanu Sarkar

Authors
  1. Sabyasachi Dey
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Santanu Sarkar
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Santanu Sarkar.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

The first version of this work [30] was presented in the “Eleventh International Workshop on Coding and Cryptography (WCC 2019)”.

This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography 2019”.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Dey, S., Sarkar, S. Proving the biases of Salsa and ChaCha in differential attack. Des. Codes Cryptogr. 88, 1827–1856 (2020). https://doi.org/10.1007/s10623-020-00736-9

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-020-00736-9

Keywords

Mathematics Subject Classification

Search

Navigation