The Design of Rijndael
Efficient Algorithms for Computing Differential Properties of Addition
FSE '01 Revised Papers from the 8th International Workshop on Fast Software Encryption
On binary signed digit representations of integers
Designs, Codes and Cryptography
The Salsa20 Family of Stream Ciphers
New Stream Cipher Designs
New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba
Fast Software Encryption
A new method for known plaintext attack of FEAL cipher
EUROCRYPT'92 Proceedings of the 11th annual international conference on Theory and application of cryptographic techniques
Fast data encipherment algorithm FEAL
EUROCRYPT'87 Proceedings of the 6th annual international conference on Theory and application of cryptographic techniques
The differential analysis of S-functions
SAC'10 Proceedings of the 17th international conference on Selected areas in cryptography
The additive differential probability of ARX
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Non-randomness in eSTREAM candidates salsa20 and TSC-4
INDOCRYPT'06 Proceedings of the 7th international conference on Cryptology in India
Improved key recovery attacks on reduced-round salsa20 and chacha
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Hi-index | 0.00 |
Due to their fast performance in software, an increasing number of cryptographic primitives are constructed using the operations addition modulo 2n, bit rotation and XOR (ARX). However, the resistance of ARX-based ciphers against differential cryptanalysis is not well understood. In this paper, we propose a new tool for evaluating more accurately the probabilities of additive differentials over multiple rounds of a cryptographic primitive. First, we introduce a special set of additive differences, called UNAF (unsigned non-adjacent form) differences. Then, we show how to apply them to find good differential trails using an algorithm for the automatic search for differentials. Finally, we describe a key-recovery attack on stream cipher Salsa20 reduced to five rounds, based on UNAF differences.