Abstract
This paper focuses on the differential cryptanalysis of the Salsa20 stream cipher. The existing differential cryptanalysis approaches first study the differential bias of the Salsa20 stream cipher and then search for probabilistic neutral bits (PNBs). However, the differential bias and the set of PNBs obtained by this method are not always the optimal solution. To find a better solution, we apply the differential cryptanalysis based on the comprehensive analysis of PNBs, introduced in [19], to reduced-round Salsa20. At first, we comprehensively analyze the neutrality measure of all key bits with respect to all output differential \(\mathcal{O}\mathcal{D}\) bits. Afterward, we select the \(\mathcal{O}\mathcal{D}\) bit position with the best neutrality measure and look for the corresponding input differential \(\mathcal{I}\mathcal{D}\) with the best differential bias. Taking everything into account, the proposed approach could be used to attack Salsa20/8 with a time complexity of \(2^{144.75}\) and a data complexity of \(2^{55.74}\).
Notes
- 1.
- 2.
- 3. We considered the average neutral value because we computed the neutrality measure of all 256 key bits with respect to each \(\mathcal{O}\mathcal{D}\) bit.
- 4. According to [1], under some reasonable independence assumptions, the equality \(\varepsilon =\varepsilon _d*\varepsilon _a\) holds.
- 5. We used the effective attack algorithm of [1] from Sect. 3.4.
- 6. Arka [4] also reported the 5th-round bias of Salsa20. However, the author used the differential-linear adversary model. We used the single-bit differential bias.
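The measurement steps that the abstract and notes 3 and 4 describe, as a Python example added here (it is not the paper's or the authors' code): a reduced-round Salsa20 whose rounds can be inverted, the single-bit differential bias \(\varepsilon_d\) estimated over random keys and IVs, and the neutrality measure \(\gamma_i\) of all 256 key bits with respect to one \(\mathcal{O}\mathcal{D}\) bit, from which PNBs are selected by a threshold and the average neutrality of note 3 follows. The 4-round differential it uses (\(\mathcal{I}\mathcal{D}\) in word 7 bit 31, \(\mathcal{O}\mathcal{D}\) in word 1 bit 14) is the one used in the PNB attack of [1]; the sample counts, the Salsa20/5 target of the demo and the threshold 0.5 are illustrative choices, not values from the paper.

```python
"""Single-bit differential bias and PNB neutrality measure for reduced-round Salsa20.
Added illustrative implementation, not the paper's code.  Round 1, 3, 5, ... is a
columnround and round 2, 4, ... a rowround, as in the Salsa20 specification;
Salsa20/R outputs Z = X + X^(R), which the attacker undoes to reach round r < R."""
import random

MASK = 0xFFFFFFFF
SIGMA = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)   # "expand 32-byte k"
KEY_WORDS = (1, 2, 3, 4, 11, 12, 13, 14)                    # state words holding k0..k7
COLUMNS = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
ROWS = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


def quarterround(y0, y1, y2, y3):
    z1 = y1 ^ rotl((y0 + y3) & MASK, 7)
    z2 = y2 ^ rotl((z1 + y0) & MASK, 9)
    z3 = y3 ^ rotl((z2 + z1) & MASK, 13)
    z0 = y0 ^ rotl((z3 + z2) & MASK, 18)
    return z0, z1, z2, z3


def quarterround_inv(z0, z1, z2, z3):
    # Undo the four steps in reverse order; each step XORs one word with a
    # function of the other three, so it is invertible.
    y0 = z0 ^ rotl((z3 + z2) & MASK, 18)
    y3 = z3 ^ rotl((z2 + z1) & MASK, 13)
    y2 = z2 ^ rotl((z1 + y0) & MASK, 9)
    y1 = z1 ^ rotl((y0 + y3) & MASK, 7)
    return y0, y1, y2, y3


def apply_round(state, round_index, inverse=False):
    groups = COLUMNS if round_index % 2 == 1 else ROWS
    qr = quarterround_inv if inverse else quarterround
    s = list(state)
    for a, b, c, d in groups:
        s[a], s[b], s[c], s[d] = qr(s[a], s[b], s[c], s[d])
    return s


def forward(state, n_rounds):
    """X -> X^(n_rounds), starting from round 1."""
    for i in range(1, n_rounds + 1):
        state = apply_round(state, i)
    return state


def backward(state, from_round, n_rounds):
    """Undo rounds from_round, from_round-1, ... (n_rounds of them)."""
    for i in range(from_round, from_round - n_rounds, -1):
        state = apply_round(state, i, inverse=True)
    return state


def random_state(rng):
    """Random 256-bit key, 64-bit nonce and 64-bit counter in the Salsa20 layout."""
    w = [rng.getrandbits(32) for _ in range(12)]      # k0..k7, v0, v1, t0, t1
    return [SIGMA[0], w[0], w[1], w[2], w[3], SIGMA[1], w[8], w[9],
            w[10], w[11], SIGMA[2], w[4], w[5], w[6], w[7], SIGMA[3]]


def flip(state, word, b):
    s = list(state)
    s[word] ^= 1 << b
    return s


def bit(state, word, b):
    return (state[word] >> b) & 1


def differential_bias(r, id_pos, od_pos, samples, seed=0):
    """eps_d = 2*Pr[OD difference after r rounds is 0] - 1, for a single-bit ID."""
    rng = random.Random(seed)
    zeros = 0
    for _ in range(samples):
        x = random_state(rng)
        d = bit(forward(x, r), *od_pos) ^ bit(forward(flip(x, *id_pos), r), *od_pos)
        zeros += d == 0
    return 2 * zeros / samples - 1


def od_from_keystream(z, x_guess, total_rounds, r, od_pos):
    """Attacker's view: undo the feed-forward with a key guess, invert R-r rounds."""
    xr = [(zi - xi) & MASK for zi, xi in zip(z, x_guess)]
    return bit(backward(xr, total_rounds, total_rounds - r), *od_pos)


def neutrality_measures(total_rounds, r, id_pos, od_pos, samples, seed=0):
    """gamma_i for all 256 key bits: 2*Pr[OD difference unchanged when bit i is flipped] - 1."""
    rng = random.Random(seed)
    same = [0] * 256
    for _ in range(samples):
        x = random_state(rng)
        xp = flip(x, *id_pos)
        z = [(a + b) & MASK for a, b in zip(x, forward(x, total_rounds))]
        zp = [(a + b) & MASK for a, b in zip(xp, forward(xp, total_rounds))]
        delta = (od_from_keystream(z, x, total_rounds, r, od_pos)
                 ^ od_from_keystream(zp, xp, total_rounds, r, od_pos))
        for i in range(256):                          # every key bit, same samples
            w, b = KEY_WORDS[i // 32], i % 32
            delta_hat = (od_from_keystream(z, flip(x, w, b), total_rounds, r, od_pos)
                         ^ od_from_keystream(zp, flip(xp, w, b), total_rounds, r, od_pos))
            same[i] += delta == delta_hat
    return [2 * s / samples - 1 for s in same]


def select_pnbs(gammas, threshold):
    return [i for i, g in enumerate(gammas) if g >= threshold]


if __name__ == "__main__":
    ID, OD = (7, 31), (1, 14)          # the 4-round differential used in [1]
    print("eps_d after 4 rounds:", differential_bias(4, ID, OD, 1 << 12))
    gammas = neutrality_measures(5, 4, ID, OD, 256)   # Salsa20/5 inverted to round 4
    print("average neutrality of the 256 key bits:", sum(gammas) / 256)
    print("PNBs with gamma >= 0.5:", select_pnbs(gammas, 0.5))
```

The estimates have a standard error of roughly \(1/\sqrt{\text{samples}}\), so the sample counts above only distinguish biases of a few percent; the paper's comprehensive scan repeats the neutrality computation for every candidate \(\mathcal{O}\mathcal{D}\) bit and for Salsa20/8 inverts four rounds instead of one, which is where the bulk of the precomputation cost goes.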
References
- 1. Aumasson, J.-P., Fischer, S., Khazaei, S., Meier, W., Rechberger, C.: New features of Latin dances: analysis of Salsa, ChaCha, and Rumba. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 470–488. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-71039-4_30
- 2. Bernstein, D.J.: The Salsa20 family of stream ciphers. In: Robshaw, M., Billet, O. (eds.) New Stream Cipher Designs. LNCS, vol. 4986, pp. 84–97. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-68351-3_8
- 3. Biham, E., Shamir, A.: Differential cryptanalysis of DES-like cryptosystems. J. Cryptology (1991)
- 4. Choudhuri, A.R., Maitra, S.: Differential cryptanalysis of Salsa and ChaCha: an evaluation with a hybrid model. Cryptology ePrint Archive (2016)
- 5. Choudhuri, A.R., Maitra, S.: Significantly improved multi-bit differentials for reduced round Salsa and ChaCha. IACR Transactions on Symmetric Cryptology, pp. 261–287 (2016)
- 6. Crowley, P.: Truncated differential cryptanalysis of five rounds of Salsa20. Cryptology ePrint Archive (2005)
- 7. Deepthi Kakumani, K.C., Singh, K., Karthika, S.K.: Improved related-cipher attack on Salsa and ChaCha: revisited. Int. J. Inf. Technol. 14(3), 1535–1542 (2022)
- 8. Dey, S., Sarkar, S.: Improved analysis for reduced round Salsa and ChaCha. Discret. Appl. Math. 227, 58–69 (2017)
- 9. Ding, L.: Improved related-cipher attack on Salsa20 stream cipher. IEEE Access 7, 30197–30202 (2019)
- 10. The eSTREAM Project. http://www.ecrypt.eu.org/stream
- 11. Fischer, S., Meier, W., Berbain, C., Biasse, J.-F., Robshaw, M.J.B.: Non-randomness in eSTREAM candidates Salsa20 and TSC-4. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 2–16. Springer, Heidelberg (2006). https://doi.org/10.1007/11941378_2
- 12. Ishiguro, T., Kiyomoto, S., Miyake, Y.: Latin dances revisited: new analytic results of Salsa20 and ChaCha. In: Qing, S., Susilo, W., Wang, G., Liu, D. (eds.) ICICS 2011. LNCS, vol. 7043, pp. 255–266. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25243-3_21
- 13. Ito, R.: Rotational cryptanalysis of Salsa core function. In: Susilo, W., Deng, R.H., Guo, F., Li, Y., Intan, R. (eds.) ISC 2020. LNCS, vol. 12472, pp. 129–145. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-62974-8_8
- 14. Khazaei, S.: Neutrality-based symmetric cryptanalysis. Technical report, EPFL (2010)
- 15. Lipmaa, H., Moriai, S.: Efficient algorithms for computing differential properties of addition. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 336–350. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45473-X_28
- 16. Maitra, S.: Chosen IV cryptanalysis on reduced round ChaCha and Salsa. Discret. Appl. Math. 208, 88–97 (2016)
- 17. Mantin, I., Shamir, A.: A practical attack on broadcast RC4. In: Matsui, M. (ed.) FSE 2001. LNCS, vol. 2355, pp. 152–164. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45473-X_13
- 18. Mazumdar, B., Subidh Ali, S.K., Sinanoglu, O.: Power analysis attacks on ARX: an application to Salsa20. In: 2015 IEEE 21st International On-Line Testing Symposium (IOLTS), pp. 40–43. IEEE (2015)
- 19. Miyashita, S., Ito, R., Miyaji, A.: PNB-focused differential cryptanalysis of ChaCha stream cipher. Cryptology ePrint Archive, Report 2021/1537 (2021). https://ia.cr/2021/1537
- 20. Shi, Z., Zhang, B., Feng, D., Wu, W.: Improved key recovery attacks on reduced-round Salsa20 and ChaCha. In: Kwon, T., Lee, M.-K., Kwon, D. (eds.) ICISC 2012. LNCS, vol. 7839, pp. 337–351. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-37682-5_24
- 21. Stachowiak, S., Kurkowski, M., Soboń, A.: SAT-based cryptanalysis of Salsa20 cipher. In: Choraś, M., Choraś, R.S., Kurzyński, M., Trajdos, P., Pejaś, J., Hyla, T. (eds.) CORES/IP&C/ACS 2021. LNNS, vol. 255, pp. 252–266. Springer, Cham (2022). https://doi.org/10.1007/978-3-030-81523-3_25
Acknowledgements
This work is partially supported by JSPS KAKENHI Grant Number JP21H03443 and Innovation Platform for Society 5.0 at MEXT.
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Ghafoori, N., Miyaji, A. (2022). Differential Cryptanalysis of Salsa20 Based on Comprehensive Analysis of PNBs. In: Su, C., Gritzalis, D., Piuri, V. (eds) Information Security Practice and Experience. ISPEC 2022. Lecture Notes in Computer Science, vol 13620. Springer, Cham. https://doi.org/10.1007/978-3-031-21280-2_29
DOI: https://doi.org/10.1007/978-3-031-21280-2_29
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-21279-6
Online ISBN: 978-3-031-21280-2
eBook Packages: Computer Science, Computer Science (R0)