The Salsa20 Family of Stream Ciphers

DOI: 10.1007/978-3-540-68351-3_8 In book: New Stream Cipher Designs, pp.84-97


Salsa20 is a family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project.
Salsa20 has progressed to the third round of eSTREAM without any changes. The 20-round stream cipher Salsa20/20 is consistently
faster than AES and is recommended by the designer for typical cryptographic applications. The reduced-round ciphers Salsa20/12
and Salsa20/8 are among the fastest 256-bit stream ciphers available and are recommended for applications where speed is more
important than confidence. The fastest known attacks use ≈ 2153 simple operations against Salsa20/7, ≈ 2249 simple operations against Salsa20/8, and ≈ 2255 simple operations against Salsa20/9, Salsa20/10, etc. In this paper, the Salsa20 designer presents Salsa20 and discusses
the decisions made in the Salsa20 design.

  • Source
    • "DEVICES IN REWIRE AND CONNECT LOGIC Salsa20 is a stream cipher developed by Bernstein [9] and is part of the ECRYPT ESTREAM [10] portfolio of cryptographic ciphers. Salsa20 was originally intended for software implementation, but can also be synthesized on an FPGA with careful consideration given to space and mapping constraints. "
    [Show abstract] [Hide abstract]
    ABSTRACT: There is a semantic gap between the hardware definition languages used to design and implement hardware and the languages and logics used to formally specify and verify them. Bridging this gap—i.e., constructing formal models from existing hardware artifacts—can be costly, time-consuming, and error prone—and yet utterly necessary if formal verification is to proceed. This work demonstrates that this gap can be collapsed by starting in a pure functional language that is also a hardware description language, and that equational style verifications may be performed directly on the source text of a hardware design, thereby significantly lowering the verification cost for reconfigurable designs. When combined with an efficient compiler, this methodology achieves both good performance and low cost verification.
    Full-text · Conference Paper · Dec 2015
    • "Profile 1 consists of ciphers with high throughput in software that are faster than the 128-bits AES-CTR. Finalist ciphers include Salsa20/12[33], Rabbit[41], HC-128[35]and SOSEMANUK[27]. Profile 2 consists of ciphers that are suitable for highly constrained environments and are more compact in hardware than the 80-bits AES. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Pervasive computing constitutes a growing trend, aiming to embed smart devices into everyday objects. The limited resources of these devices and the ever-present need for lower production costs, lead to the research and development of lightweight cryptographic mechanisms. Block ciphers, the main symmetric key cryptosystems, perform well in this field. Nevertheless, stream ciphers are also relevant in ubiquitous computing applications, as they can be used to secure the communication in applications where the plaintext length is either unknown or continuous, like network streams. This paper provides the latest survey of stream ciphers for embedded systems. Lightweight implementations of stream ciphers in embedded hardware and software are examined as well as relevant authenticated encryption schemes. Their speed and simplicity enable compact and low-power implementations, allow them to excel in applications pertaining to resource-constrained devices. The outcomes of the International Organization for Standardization/International Electrotechnical Commission 29192-3 standard and the cryptographic competitions eSTREAM and Competition for Authenticated Encryption: Security, Applicability, and Robustness are summarized along with the latest results in the field. However, cryptanalysis has proven many of these schemes are actually insecure. From the 31 designs that are examined, only six of them have been found to be secure by independent cryptanalysis. A constrained benchmark analysis is performed on low-cost embedded hardware and software platforms. The most appropriate and secure solutions are then mapped in different types of applications. Copyright
    No preview · Article · Dec 2015 · Security and Communication Networks
  • Source
    • "In Jolfaei and Mirghadri (2010b, 2010c) and Jolfaei et al. (2012a, 2012b), Jolfaei et al. investigated the application of fast stream ciphers, including A5/1 (Ekdahl and Johansson, 2003), W7 (Jolfaei and Mirghadri, 2010b) and some of the eSTREAM finalists, such as Salsa20 (Bernstein, 2008a) and HC (Wu, 2008a), for the syntax-aware image encryption. These ciphers work on binary streams. "
    [Show abstract] [Hide abstract]
    ABSTRACT: Confidentiality of digital images is an important requirement for many multimedia applications and services. To maintain confidentiality, encryption of digital images is essential. Digital images are usually very large and encrypting such bulky data induces many performance overheads, which can be too expensive for real-time applications in resource constrained environments. In this paper, we propose a chaotic image encryption scheme which satisfies the need for both lightweightedness and security. To justify the security and efficiency, the new cipher was evaluated using a series of statistical tests. These tests included a visual testing and a histogram analysis, a randomness analysis, a correlation analysis, an entropy analysis and an image encryption quality analysis. Based on all analyses and experimental results, it is concluded that the proposed scheme is effective, efficient and trustworthy and therefore can be adopted for image encryption.
    Full-text · Article · Jul 2015 · International Journal of Electronic Security and Digital Forensics
Show more