New features of Latin dances: analysis of Salsa, ChaCha, and Rumba

The stream cipher Salsa20 was introduced by Bernstein in 2005 as a candidate in the eSTREAM project, accompanied by the reduced versions Salsa20/8 and Salsa20/12. ChaCha is a variant of Salsa20 aiming at bringing better diffusion for similar performance. Variants of Salsa20 with up to 7 rounds (instead of 20) have been broken by differential cryptanalysis, while ChaCha has not been analyzed yet. We introduce a novel method for differential cryptanalysis of Salsa20 and ChaCha, inspired by correlation attacks and related to the notion of neutral bits. This is the first application of neutral bits in stream cipher cryptanalysis. It allows us to break the 256-bit version of Salsa20/8, to bring faster attacks on the 7-round variant, and to break 6- and 7-round ChaCha. In a second part, we analyze the compression function Rumba, built as the XOR of four Salsa20 instances and returning a 512-bit output. We find collision and preimage attacks for two simplified variants, then we discuss differential attacks on the original version, and exploit a high-probability differential to reduce complexity of collision search from $2^{256}$ to $2^{79}$ for 3-round Rumba. To prove the correctness of our approach we provide examples of collisions and near-collisions on simplified versions.
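The abstract describes reduced-round Salsa20/r and ChaCha, a single-bit differential whose bias is measured after r rounds, and key bits that are (probabilistically) neutral for that differential. The following Python is an added example, written for this page; it is neither code from the paper's authors nor part of the zbMATH entry. It implements the Salsa20 and ChaCha round functions from Bernstein's specifications (column/row rounds for Salsa20, column/diagonal rounds for ChaCha, with the feed-forward that the attacker must undo with a key guess), then estimates the forward differential bias and the neutrality measure of individual state bits over random keys and IVs. The input-difference and output-difference positions used in the demo are chosen here for illustration and are not claimed to be the ones from the paper's tables; the self-checks use the quarter-round example from the Salsa20 specification and the RFC 7539 ChaCha quarter-round and block test vectors.

```python
# Added example (not the paper's code): reduced-round Salsa20/ChaCha cores plus
# empirical estimators for the differential bias and the neutral-bit measure.
import random

MASK = 0xFFFFFFFF
SIGMA = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)  # "expand 32-byte k"


def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK


# ---- Salsa20 (Bernstein's specification) -----------------------------------
def salsa_qr(y0, y1, y2, y3):
    y1 ^= rotl((y0 + y3) & MASK, 7)
    y2 ^= rotl((y1 + y0) & MASK, 9)
    y3 ^= rotl((y2 + y1) & MASK, 13)
    y0 ^= rotl((y3 + y2) & MASK, 18)
    return y0, y1, y2, y3


SALSA_COLS = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11)]
SALSA_ROWS = [(0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]


def salsa_rounds(x, r):
    """r rounds of Salsa20/r: column round, row round, alternating (odd r ends on a column round)."""
    x = list(x)
    for i in range(r):
        for a, b, c, d in (SALSA_COLS if i % 2 == 0 else SALSA_ROWS):
            x[a], x[b], x[c], x[d] = salsa_qr(x[a], x[b], x[c], x[d])
    return x


def salsa_state(key, nonce, counter):
    """16-word Salsa20 matrix: key 8 words, nonce 2 words (6,7), block counter 2 words (8,9)."""
    return [SIGMA[0], *key[:4], SIGMA[1], *nonce, *counter, SIGMA[2], *key[4:], SIGMA[3]]


# ---- ChaCha ----------------------------------------------------------------
def chacha_qr(a, b, c, d):
    a = (a + b) & MASK; d = rotl(d ^ a, 16)
    c = (c + d) & MASK; b = rotl(b ^ c, 12)
    a = (a + b) & MASK; d = rotl(d ^ a, 8)
    c = (c + d) & MASK; b = rotl(b ^ c, 7)
    return a, b, c, d


CHACHA_COLS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15)]
CHACHA_DIAGS = [(0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]


def chacha_rounds(x, r):
    """r rounds of ChaCha: column round, diagonal round, alternating."""
    x = list(x)
    for i in range(r):
        for a, b, c, d in (CHACHA_COLS if i % 2 == 0 else CHACHA_DIAGS):
            x[a], x[b], x[c], x[d] = chacha_qr(x[a], x[b], x[c], x[d])
    return x


def chacha_state(key, ctr_nonce):
    """16-word ChaCha matrix: constants, key 8 words, then the 4 counter/nonce words."""
    return [*SIGMA, *key, *ctr_nonce]


def core(rounds_fn, x, r):
    """Keystream block: the round output added word-wise to the input (the feed-forward)."""
    return [(a + b) & MASK for a, b in zip(x, rounds_fn(x, r))]


# ---- Differential statistics ---------------------------------------------------
def od_bit(rounds_fn, x, x2, r, od):
    """Output-difference bit od=(word, bit) after r rounds for the input pair (x, x2)."""
    y, y2 = rounds_fn(x, r), rounds_fn(x2, r)
    return ((y[od[0]] ^ y2[od[0]]) >> od[1]) & 1


def random_salsa_state(rng):
    w = [rng.getrandbits(32) for _ in range(12)]
    return salsa_state(w[:8], w[8:10], w[10:12])


def differential_bias(rounds_fn, make_state, r, idiff, od, samples, seed=0):
    """Estimate eps = 2*Pr[OD bit = 1] - 1 for the single-bit input difference idiff=(word, bit)
    over random keys/IVs; a value far from 0 is the statistical signal the attack exploits."""
    rng, hits = random.Random(seed), 0
    for _ in range(samples):
        x = make_state(rng)
        x2 = list(x); x2[idiff[0]] ^= 1 << idiff[1]
        hits += od_bit(rounds_fn, x, x2, r, od)
    return 2 * hits / samples - 1


def neutrality(rounds_fn, make_state, r, idiff, od, word, bit, samples, seed=0):
    """Neutral-bit measure gamma = 2*Pr[flipping state bit (word, bit) in both inputs leaves the
    OD bit unchanged] - 1; gamma close to 1 means the bit is (probabilistically) neutral."""
    rng, same = random.Random(seed), 0
    for _ in range(samples):
        x = make_state(rng)
        x2 = list(x); x2[idiff[0]] ^= 1 << idiff[1]
        before = od_bit(rounds_fn, x, x2, r, od)
        x[word] ^= 1 << bit; x2[word] ^= 1 << bit
        same += od_bit(rounds_fn, x, x2, r, od) == before
    return 2 * same / samples - 1


if __name__ == "__main__":
    # Illustrative positions (assumed for this demo, not taken from the paper): input difference
    # in nonce word 7 bit 31, output difference in word 1 bit 14, after 4 Salsa20 rounds.
    ID, OD, R = (7, 31), (1, 14), 4
    print("Salsa20/4 estimated bias:", differential_bias(salsa_rounds, random_salsa_state, R, ID, OD, 4000))
    gam = [neutrality(salsa_rounds, random_salsa_state, R, ID, OD, 1, b, 200) for b in range(32)]
    print("key word 1, bits with gamma > 0.9:", [b for b in range(32) if gam[b] > 0.9])
```

The bias and neutrality estimates are Monte Carlo values, so their precision scales with the sample count; in the paper's setting the attacker uses many IVs per key, guesses the non-neutral key bits, inverts the feed-forward on the observed keystream block, and uses the bias as the distinguisher for a correct guess.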

References in zbMATH (referenced in 12 articles, 1 standard article)


  1. Paul, Goutam; Ray, Souvik: On data complexity of distinguishing attacks versus message recovery attacks on stream ciphers (2018)
  2. Dey, Sabyasachi; Sarkar, Santanu: Improved analysis for reduced round Salsa and ChaCha (2017)
  3. Alekseychuk, A.N.; Konyushok, S.N.: On the efficiency of the probabilistic neutral bits method in statistical cryptanalysis of synchronous stream ciphers (2016)
  4. Maitra, Subhamoy: Chosen IV cryptanalysis on reduced round ChaCha and Salsa (2016)
  5. Wang, Houzhen; Zhang, Huanguo: A fast pseudorandom number generator with BLAKE hash function (2010)
  6. Brier, Eric; Khazaei, Shahram; Meier, Willi; Peyrin, Thomas: Linearization framework for collision attacks: application to CubeHash and MD6 (2009)
  7. Aumasson, Jean-Philippe; Fischer, Simon; Khazaei, Shahram; Meier, Willi; Rechberger, Christian: New features of Latin dances: analysis of Salsa, ChaCha, and Rumba (2008)
  8. Fischer, Simon; Khazaei, Shahram; Meier, Willi: Chosen IV statistical analysis for key recovery attacks on stream ciphers (2008)
  9. Khazaei, Shahram; Meier, Willi: New directions in cryptanalysis of self-synchronizing stream ciphers (2008)
  10. Priemuth-Schmid, Deike; Biryukov, Alex: Slid pairs in Salsa20 and Trivium (2008)
  11. Roy Chowdhury, Dipanwita (ed.); Rijmen, Vincent (ed.); Das, Abhijit (ed.): Progress in cryptology -- INDOCRYPT 2008. 9th international conference on cryptology in India, Kharagpur, India, December 14--17, 2008. Proceedings (2008)
  12. Shrimpton, Thomas; Stam, Martijn: Building a collision-resistant compression function from non-compressing primitives. (Extended abstract) (2008)