Resynchronization weaknesses in synchronous stream ciphers
EUROCRYPT '93 Workshop on the theory and application of cryptographic techniques on Advances in cryptology
Weaknesses in the Key Scheduling Algorithm of RC4
SAC '01 Revised Papers from the 8th Annual International Workshop on Selected Areas in Cryptography
Linearity Properties of the SOBER-t32 Key Loading
FSE '02 Revised Papers from the 9th International Workshop on Fast Software Encryption
Linear cryptanalysis of the TSC family of stream ciphers
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
Distinguishing attacks on t-functions
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
IEEE Transactions on Information Theory
The Salsa20 Family of Stream Ciphers
New Stream Cipher Designs
Fast Software Encryption
New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba
Fast Software Encryption
Slid Pairs in Salsa20 and Trivium
INDOCRYPT '08 Proceedings of the 9th International Conference on Cryptology in India: Progress in Cryptology
Differential cryptanalysis of T-function based stream cipher TSC-4
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Latin dances revisited: new analytic results of Salsa20 and ChaCha
ICICS'11 Proceedings of the 13th international conference on Information and communications security
UNAF: a special set of additive differences with application to the differential analysis of ARX
FSE'12 Proceedings of the 19th international conference on Fast Software Encryption
Improved key recovery attacks on reduced-round salsa20 and chacha
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Hi-index | 0.00 |
Stream cipher initialisation should ensure that the initial state or keystream is not detectably related to the key and initialisation vector. In this paper we analyse the key/IV setup of the eSTREAM Phase 2 candidates Salsa20 and TSC-4. In the case of Salsa20 we demonstrate a key recovery attack on six rounds and observe non-randomness after seven. For TSC-4, non-randomness over the full eight-round initialisation phase is detected, but would also persist for more rounds.