Non-randomness in eSTREAM candidates salsa20 and TSC-4

Authors:
Simon Fischer;Willi Meier;Côme Berbain;Jean-François Biasse;M. J. B. Robshaw
Affiliations:
FHNW, Windisch, Switzerland;FHNW, Windisch, Switzerland;FTRD, Issy les Moulineaux, France;FTRD, Issy les Moulineaux, France;FTRD, Issy les Moulineaux, France
Venue:
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Year:
2006

Citing 6
Cited 8

Resynchronization weaknesses in synchronous stream ciphers

EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Weaknesses in the Key Scheduling Algorithm of RC4

SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Linearity Properties of the SOBER-t32 Key Loading

FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
Linear cryptanalysis of the TSC family of stream ciphers

ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Distinguishing attacks on t-functions

Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Another attack on A5/1

IEEE Transactions on Information Theory

The Salsa20 Family of Stream Ciphers

New Stream Cipher Designs
On the Salsa20 Core Function

Fast Software Encryption
New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba

Fast Software Encryption
Slid Pairs in Salsa20 and Trivium

INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Differential cryptanalysis of T-function based stream cipher TSC-4

ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Latin dances revisited: new analytic results of Salsa20 and ChaCha

ICICS'11 Proceedings of the 13th international conference on Information and communications security
UNAF: a special set of additive differences with application to the differential analysis of ARX

FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Improved key recovery attacks on reduced-round salsa20 and chacha

ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Stream cipher initialisation should ensure that the initial state or keystream is not detectably related to the key and initialisation vector. In this paper we analyse the key/IV setup of the eSTREAM Phase 2 candidates Salsa20 and TSC-4. In the case of Salsa20 we demonstrate a key recovery attack on six rounds and observe non-randomness after seven. For TSC-4, non-randomness over the full eight-round initialisation phase is detected, but would also persist for more rounds.