On the Salsa20 Core Function

Authors

  • Julio César Hernández Castro
  • Juan E. Tapiador
  • Jean-Jacques Quisquater
Abstract

In this paper, we point out some weaknesses in the Salsa20 core function that could be exploited to obtain up to 2 collisions for its full (20 rounds) version. We first find an invariant for its main building block, the quarterround function, that is then extended to the rowround and columnround functions. This allows us to find an input subset of size 2 for which the Salsa20 core behaves exactly as the transformation f(x) = 2x. An attacker can take advantage of this for constructing 2 collisions for any number of rounds. We finally show another weakness in the form of a differential characteristic with probability one that proves that the Salsa20 core does not have 2 preimage resistance.

Similar resources

Salsa20 security

If the Salsa20 key k is a uniform random sequence of bytes, and the same nonce is never used for two different messages, then the Salsa20 encryption function is conjectured to produce ciphertexts that are indistinguishable from perfect ciphertexts, i.e., uniform random strings independent of the plaintexts. At a lower level, the random function n ↦ Salsa20_k(n) from {0, 1, ..., 255}^16 to {0...


New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba

The stream cipher Salsa20 was introduced by Bernstein in 2005 as a candidate in the eSTREAM project, accompanied by the reduced versions Salsa20/8 and Salsa20/12. ChaCha is a variant of Salsa20 aiming at bringing better diffusion for similar performance. Variants of Salsa20 with up to 7 rounds (instead of 20) have been broken by differential cryptanalysis, while ChaCha has not been analyzed yet...


The Salsa20 Family of Stream Ciphers

Salsa20 is a family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project. Salsa20 has progressed to the third round of eSTREAM without any changes. The 20-round stream cipher Salsa20/20 is consistently faster than AES and is recommended by the designer for typical cryptographic applications. The reduced-round ciphers Salsa20/12 and Salsa20/8 are ...


A Proof that the ARX Cipher Salsa20 is Secure against Differential Cryptanalysis

An increasing number of cryptographic primitives are built using the ARX operations: addition modulo 2^n, bit rotation and XOR. Because of their very fast performance in software, ARX ciphers are becoming increasingly common. However, not a single ARX cipher has yet been proven to be secure against one of the most common attacks in symmetric-key cryptography: differential cryptanalysis. In this p...


Improving the Diffusion of the Stream Cipher Salsa20 by Employing a Chaotic Logistic Map

The stream cipher Salsa20 and its reduced versions are among the fastest stream ciphers available today. However, Salsa20/7 is broken and Salsa20/12 is not as safe as before. Therefore, Salsa20 must completely perform all of the four rounds of encryption to achieve a good diffusion in order to resist the known attacks. In this paper, a new variant of Salsa20 that uses the chaos theory and that ...


Publication date: 2008