Header menu link for other important links
Proving the biases of Salsa and ChaCha in differential attack
Published in Springer
Volume: 88
Issue: 9
Pages: 1827 - 1856
Salsa and ChaCha are two of the most famous stream ciphers in recent times. Most of the attacks available so far against these two ciphers are differential attacks, where a difference is given as an input in the initial state of the cipher and in the output some correlation is investigated. This correlation works as a distinguisher. All the key recovery attacks against these ciphers are based on these observed distinguishers. However, the distinguisher in the differential attack was purely an experimental observation, and the reason for this bias was unknown so far. In this paper, we provide a full theoretical proof of both the observed distinguishers for Salsa and ChaCha. In the key recovery attack, the idea of probabilistically neutral bit also plays a vital role. Here, we also theoretically explain the reason of a particular key bit of Salsa to be probabilistically neutral. This is the first attempt to provide a theoretical justification of the idea of differential key recovery attack against these two ciphers. © 2020, Springer Science+Business Media, LLC, part of Springer Nature.
About the journal
JournalData powered by TypesetDesigns, Codes, and Cryptography
PublisherData powered by TypesetSpringer
Open AccessNo