A new distinguishing attack on reduced round ChaCha permutation

Abstract

AbstractThis work concentrates on differential-linear distinguishing attacks on the prominent ARX-based permutation ChaCha. Here, we significantly improve the 7-round differential-linear distinguisher for ChaCha permutation by introducing a new path of linear approximation. We first introduce a new single-bit differential distinguisher for the 3.5th round of the permutation that assists us in inventing a new path for the differential-linear distinguisher. We show that one can distinguish a 7-round ChaCha permutation with time complexity of $$2^{207}$$ 2 207 . This improves the recent work of Coutinho et al. (in: Advances in Cryptology—ASIACRYPT 2022—28nd International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, December 5–9, 2012, Springer, 2022), which achieved time complexity $$2^{214}$$ 2 214 . We also propose a distinguisher for the 7.25-round of ChaCha permutation and this is the first distinguishing attack for more than 7-round of ChaCha permutation. We provide theoretical proofs and the corresponding experimental results for the linear approximations that we use for differential-linear distinguisher. We point out that the existing multibit distinguishing attacks on the cipher ChaCha are invalid. These attacks are worked only for the ChaCha permutation.