In this paper, we propose new attacks on 9-round Salsa20 and 8-round ChaCha. We constructed a distinguisher of double-bit differentials to improve Aumasson's single-bit differential cryptanalysis. We searched for correlations using a PC, and found strong correlations in 9-round Salsa20 and 8-round ChaCha. The complexities of the introduced attacks are 216 in 9-round Salsa20 and 2 in 8-round ChaCha, which are much less than the complexities of an exhaustive key search and existing attacks on those ciphers. The results show that an adversary can distinguish keystream bits from random bits using a few input and output pairs of an initial keys and initial vectors. This method has potential to apply to a wide range of stream ciphers; a double-bit correlation would be found in case that no single-bit correlation is found. © 2011 Springer-Verlag.
CITATION STYLE
Ishiguro, T., Kiyomoto, S., & Miyake, Y. (2011). Latin dances revisited: New analytic results of Salsa20 and ChaCha. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7043 LNCS, pp. 255–266). https://doi.org/10.1007/978-3-642-25243-3_21
Mendeley helps you to discover research relevant for your work.