A Stream Cipher Based on Linear Feedback over GF(2^8)
ACISP '98 Proceedings of the Third Australasian Conference on Information Security and Privacy
The Salsa20 Family of Stream Ciphers
New Stream Cipher Designs
New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba
Fast Software Encryption
Slid Pairs in Salsa20 and Trivium
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Non-randomness in eSTREAM candidates Salsa20 and TSC-4
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Distinguishing attacks on the stream cipher Py
FSE'06 Proceedings of the 13th international conference on Fast Software Encryption
In this paper, we propose new attacks on 9-round Salsa20 and 8-round ChaCha. We constructed a distinguisher of double-bit differentials to improve Aumasson's single-bit differential cryptanalysis. We searched for correlations using a PC, and found strong correlations in 9-round Salsa20 and 8-round ChaCha. The complexities of the introduced attacks are 2^16 in 9-round Salsa20 and 2 in 8-round ChaCha, which are much less than the complexities of an exhaustive key search and existing attacks on those ciphers. The results show that an adversary can distinguish keystream bits from random bits using a few input and output pairs of initial keys and initial vectors. This method has the potential to apply to a wide range of stream ciphers; a double-bit correlation would be found in cases where no single-bit correlation is found.