New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba
FHNW, Windisch, Switzerland.
FHNW, Windisch, Switzerland.
EPFL, Lausanne, Switzerland.
FHNW, Windisch, Switzerland.
2008 (English)
In: Fast Software Encryption, FSE 2008, LNCS 5086, 2008, 470-488 p.
Conference paper (Refereed)
Abstract [en]

The stream cipher Salsa20 was introduced by Bernstein in 2005 as a candidate in the eSTREAM project, accompanied by the reduced versions Salsa20/8 and Salsa20/12. ChaCha is a variant of Salsa20 aiming at bringing better diffusion for similar performance. Variants of Salsa20 with up to 7 rounds (instead of 20) have been broken by differential cryptanalysis, while ChaCha has not been analyzed yet. We introduce a novel method for differential cryptanalysis of Salsa20 and ChaCha, inspired by correlation attacks and related to the notion of neutral bits. This is the first application of neutral bits in stream cipher cryptanalysis. It allows us to break the 256-bit version of Salsa20/8, to bring faster attacks on the 7-round variant, and to break 6- and 7-round ChaCha. In a second part, we analyze the compression function Rumba, built as the XOR of four Salsa20 instances and returning a 512-bit output. We find collision and preimage attacks for two simplified variants, then we discuss differential attacks on the original version, and exploit a high-probability differential to reduce complexity of collision search from 2^256 to 2^79 for 3-round Rumba. To prove the correctness of our approach we provide examples of collisions and near-collisions on simplified versions.

Place, publisher, year, edition, pages
2008. 470-488 p.
Lecture Notes in Computer Science, ISSN 0302-9743 ; 5086
Keyword [en]
Secret-key Cryptography, Cryptanalysis, Stream Cipher, eSTREAM, Salsa20
National Category
Computer Science
URN: urn:nbn:se:kth:diva-70288
DOI: 10.1007/978-3-540-71039-4_30
ISBN: 978-354071038-7
ISBN: 3540710388
OAI: diva2:486321
Fast Software Encryption, FSE 2008, LNCS 5086
QC 20120131
Available from: 2012-01-30
Created: 2012-01-30
Last updated: 2012-01-31
Bibliographically approved

By author/editor
Khazaei, Shahram