The Salsa20 Family of Stream Ciphers

DOI: 10.1007/978-3-540-68351-3_8

ABSTRACT Salsa20 is a family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project.
Salsa20 has progressed to the third round of eSTREAM without any changes. The 20-round stream cipher Salsa20/20 is consistently
faster than AES and is recommended by the designer for typical cryptographic applications. The reduced-round ciphers Salsa20/12
and Salsa20/8 are among the fastest 256-bit stream ciphers available and are recommended for applications where speed is more
important than confidence. The fastest known attacks use ≈ 2153 simple operations against Salsa20/7, ≈ 2249 simple operations against Salsa20/8, and ≈ 2255 simple operations against Salsa20/9, Salsa20/10, etc. In this paper, the Salsa20 designer presents Salsa20 and discusses
the decisions made in the Salsa20 design.

1 Follower
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: This paper presents several side-channel attacks based on timing information leaked from CPU cache mem-ory. The attacks are focused towards cryptographic ciphers that have an implementation based on lookup tables. Several attacks lead to a recovery of a major part of the secret key, such that an exhaustive search on the rest of the undetermined bits becomes compu-tationally feasible. This attack is possible due to the data-dependent lookups performed during the encryp-tion process. Since encryptions are performed in vari-able amounts of time this leads to a correlation between the time and data. By making some wise assumptions based also on the cipher structure, the attacker is able to extract the secret key from the earlier correlation. The paper also discusses the applicability of these at-tacks and offers some countermeasures.
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Dans cette thèse, nous considérons les générateurs de nombres aléatoires en cryptographie. D'une part, nous avons étudié des générateurs, comme HAVEGE, qui produisent leurs données en se basant sur des événements imprévisibles. D'autre part, nous avons examiné les chiffrements à flots, qui peuvent être vus comme des générateurs de nombre pseudo-aléatoires qui produisent une suite chiffrante à partir d'une courte séquence initiale dépendant de la clé, et du vecteur d'initialisation, l'IV. Nous avons étudié plus particulièrement le chiffrement Dragon, ainsi qu'un modèle utilisant des fonctions aléatoires qui nous a été inspiré par une attaque sur le chiffrement MICKEY. Enfin, nous avons étudié plusieurs aspects des registres à décalages avec retenue (ou FCSR pour "feedback with carry shift register" en anglais) utilisés dans le chiffrement F-FCSR.
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: ChaCha8 is a 256-bit stream cipher based on the 8-round cipher Salsa20/8. The changes from Salsa20/8 to ChaCha8 are designed to improve diffusion per round, conjecturally increasing resistance to cryptanalysis, while preserving—and often improving—time per round. ChaCha12 and ChaCha20 are analogous modifications of the 12-round and 20-round ciphers Salsa20/12 and Salsa20/20. This paper presents the ChaCha family and explains the differences between Salsa20 and ChaCha.