Topic
BLAKE
About: BLAKE is a research topic. Over the lifetime, 11 publications have been published within this topic receiving 303 citations.
Papers
10 Feb 2008
TL;DR: In this paper, neutral bits are used for differential cryptanalysis of Salsa20 and ChaCha, inspired by correlation attacks and related to the notion of neutral bits in stream cipher cryptanalysis.
Abstract: The stream cipher Salsa20 was introduced by Bernstein in 2005 as a candidate in the eSTREAM project, accompanied by the reduced versions Salsa20/8 and Salsa20/12. ChaCha is a variant of Salsa20 aiming at bringing better diffusion for similar performance. Variants of Salsa20 with up to 7 rounds (instead of 20) have been broken by differential cryptanalysis, while ChaCha has not been analyzed yet. We introduce a novel method for differential cryptanalysis of Salsa20 and ChaCha, inspired by correlation attacks and related to the notion of neutral bits. This is the first application of neutral bits in stream cipher cryptanalysis. It allows us to break the 256-bit version of Salsa20/8, to bring faster attacks on the 7-round variant, and to break 6- and 7-round ChaCha. In a second part, we analyze the compression function Rumba, built as the XOR of four Salsa20 instances and returning a 512-bit output. We find collision and preimage attacks for two simplified variants, then we discuss differential attacks on the original version, and exploit a high-probability differential to reduce complexity of collision search from 2256to 279for 3-round Rumba. To prove the correctness of our approach we provide examples of collisions and near-collisions on simplified versions.
152 citations
28 Nov 2012
TL;DR: Improved key recovery attacks on reduced-round Salsa20 and ChaCha are presented, which generalize the notion of PNB to probabilistic neutral vectors (PNV) and show that the set of PNV is no smaller than that of P NB.
Abstract: Salsa20 is a stream cipher designed by Bernstein in 2005 and Salsa20/12 has been selected into the final portfolio of the eSTREAM Project. ChaCha is a variant of Salsa20 with faster diffusion for similar performance. The previous best results on Salsa20 and ChaCha proposed by Aumasson et al. exploits the differential properties combined with the probabilistic neutral bits (PNB). In this paper, we extend their approach by considering a new type of distinguishers, named (column and row) chaining distinguishers. Besides, we exhibit new high probability second-order differential trails not covered by the previous methods, generalize the notion of PNB to probabilistic neutral vectors (PNV) and show that the set of PNV is no smaller than that of PNB. Based on these findings, we present improved key recovery attacks on reduced-round Salsa20 and ChaCha. Both time and data complexities of our attacks are smaller than those of the best former results.
69 citations
TL;DR: In this paper, the authors revisited the work of Aumasson et al. to provide a clearer insight of the existing attack (2248 complexity for ChaCha7, i.e.,?7 rounds) and show certain improvements (complexity around 2243) by exploiting additional Probabilistic Neutral Bits.
57 citations
TL;DR: A new algorithm to construct Probabilistic Neutral Bits is given and this algorithm is used to improve the existing attacks for reduced rounds of both Salsa and ChaCha.
50 citations
TL;DR: This paper shows how to theoretically choose the combinations of the output bits to obtain significantly improved biases and obtains several significantly improved cryptanalytic results for reduced round Salsa and ChaCha that could not be obtained earlier.
Abstract: ChaCha and Salsa are two software oriented stream ciphers that have attracted serious attention in academic as well as commercial domain. The most important cryptanalysis of reduced versions of these ciphers was presented by Aumasson et al. in FSE 2008. One part of their attack was to apply input difference(s) to investigate biases after a few rounds. So far there have been certain kind of limited exhaustive searches to obtain such biases. For the first time, in this paper, we show how to theoretically choose the combinations of the output bits to obtain significantly improved biases. The main idea here is to consider the multi-bit differentials as extension of suitable single-bit differentials with linear approximations, which is essentially a differential-linear attack. As we consider combinations of many output bits (for example 19 for Salsa and 21 for ChaCha), exhaustive search is not possible here. By this method we obtain very high biases for linear combinations of bits in Salsa after 6 rounds and in ChaCha after 5 rounds. These are clearly two rounds of improvement for both the ciphers over the existing works. Using these biases we obtain several significantly improved cryptanalytic results for reduced round Salsa and ChaCha that could not b obtained earlier. In fact, with our results it is now possible to cryptanalyse 6-round Salsa and 5-round ChaCha in practical time.
41 citations
Related Topics (5)
Performance Metrics
| Year | Papers |
|---|---|
| 2017 | 2 |
| 2016 | 1 |
| 2013 | 1 |
| 2012 | 1 |
| 2011 | 1 |
| 2010 | 2 |