Author:
Barbero Stefano, Bellini Emanuele, Makarim Rusydi H.
Abstract
We show that the underlying permutation of the ChaCha20 stream cipher does not behave as a random permutation for up to 17 rounds with respect to rotational cryptanalysis. In particular, we derive a lower and an upper bound for the rotational probability through the ChaCha quarter round, we show how to extend the bound to a full round and then to the full permutation. The obtained bounds show that the probability of finding what we call a parallel rotational collision is, for example, less than $2^{-505}$ for 17 rounds of the ChaCha permutation, while for a random permutation of the same input size, this probability is $2^{-511}$. We remark that our distinguisher is not an attack against the ChaCha20 stream cipher, but rather a theoretical analysis of its internal permutation from the point of view of rotational cryptanalysis. Whenever possible, our claims are supported by experiments.
Publisher
American Institute of Mathematical Sciences (AIMS)
Subject
Applied Mathematics, Discrete Mathematics and Combinatorics, Computer Networks and Communications, Algebra and Number Theory
Cited by
2 articles.