The Salsa20 Family of Stream Ciphers

DOI: 10.1007/978-3-540-68351-3_8 In book: New Stream Cipher Designs, pp.84-97


Salsa20 is a family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project.
Salsa20 has progressed to the third round of eSTREAM without any changes. The 20-round stream cipher Salsa20/20 is consistently
faster than AES and is recommended by the designer for typical cryptographic applications. The reduced-round ciphers Salsa20/12
and Salsa20/8 are among the fastest 256-bit stream ciphers available and are recommended for applications where speed is more
important than confidence. The fastest known attacks use ≈ 2^153 simple operations against Salsa20/7, ≈ 2^249 simple operations against Salsa20/8, and ≈ 2^255 simple operations against Salsa20/9, Salsa20/10, etc. In this paper, the Salsa20 designer presents Salsa20 and discusses
the decisions made in the Salsa20 design.

  • Source
    • "DEVICES IN REWIRE AND CONNECT LOGIC Salsa20 is a stream cipher developed by Bernstein [9] and is part of the ECRYPT ESTREAM [10] portfolio of cryptographic ciphers. Salsa20 was originally intended for software implementation, but can also be synthesized on an FPGA with careful consideration given to space and mapping constraints. "
    ABSTRACT: There is a semantic gap between the hardware definition languages used to design and implement hardware and the languages and logics used to formally specify and verify them. Bridging this gap—i.e., constructing formal models from existing hardware artifacts—can be costly, time-consuming, and error prone—and yet utterly necessary if formal verification is to proceed. This work demonstrates that this gap can be collapsed by starting in a pure functional language that is also a hardware description language, and that equational style verifications may be performed directly on the source text of a hardware design, thereby significantly lowering the verification cost for reconfigurable designs. When combined with an efficient compiler, this methodology achieves both good performance and low cost verification.
    The 2015 International Conference on Field-Programmable Technology (FPT '15); 12/2015
  • Source
    • "In Jolfaei and Mirghadri (2010b, 2010c) and Jolfaei et al. (2012a, 2012b), Jolfaei et al. investigated the application of fast stream ciphers, including A5/1 (Ekdahl and Johansson, 2003), W7 (Jolfaei and Mirghadri, 2010b) and some of the eSTREAM finalists, such as Salsa20 (Bernstein, 2008a) and HC (Wu, 2008a), for the syntax-aware image encryption. These ciphers work on binary streams. "
    ABSTRACT: Confidentiality of digital images is an important requirement for many multimedia applications and services. To maintain confidentiality, encryption of digital images is essential. Digital images are usually very large and encrypting such bulky data induces many performance overheads, which can be too expensive for real-time applications in resource constrained environments. In this paper, we propose a chaotic image encryption scheme which satisfies the need for both lightweightedness and security. To justify the security and efficiency, the new cipher was evaluated using a series of statistical tests. These tests included a visual testing and a histogram analysis, a randomness analysis, a correlation analysis, an entropy analysis and an image encryption quality analysis. Based on all analyses and experimental results, it is concluded that the proposed scheme is effective, efficient and trustworthy and therefore can be adopted for image encryption.
    International Journal of Electronic Security and Digital Forensics 07/2015; 7(3):258 - 277. DOI:10.1504/IJESDF.2015.070389
  • Source
    • ", x 1 [1], x 2 [2] and x 3 [3]. Similarly all other 15 bytes "
    ABSTRACT: This paper presents several side-channel attacks based on timing information leaked from CPU cache memory. The attacks are focused towards cryptographic ciphers that have an implementation based on lookup tables. Several attacks lead to a recovery of a major part of the secret key, such that an exhaustive search on the rest of the undetermined bits becomes computationally feasible. This attack is possible due to the data-dependent lookups performed during the encryption process. Since encryptions are performed in variable amounts of time this leads to a correlation between the time and data. By making some wise assumptions based also on the cipher structure, the attacker is able to extract the secret key from the earlier correlation. The paper also discusses the applicability of these attacks and offers some countermeasures.