Analysis of Diagonal Constants for Extension of Salsa to 64 Bit

  • Bhagwan N. BatheEmail author
  • Bharti HariramaniEmail author
  • A. K. Bhattacharjee
  • S. V. Kulgod


In this paper, we carried out a differential cryptanalysis of Salsa, to study the effect of diagonal constants on biases after few rounds of operations. So far, we did not find any formal logic or explanation for selecting such constants. We introduced a new measure called Measure of Uniformity in bias for segregating constants as good or bad w.r.t. original constants. We found that, if we create an Input Differential (\(\mathcal {ID}\)) at Most Significant Bit (MSB) of the third word of quarterround function, then after 4 rounds, the value of Measure of Uniformity in bias either increases or decreases which is determined by the specific pattern in 4 Least Significant Bits (LSB) of first word (which is constant) of quarterround function. The location of the pattern within that diagonal constant is determined by the last two rotation constants of corresponding quarterround function. The designer constants are good constants; however, they can be even better with a slight change in constant c3. We used our observations of 32-bit Salsa to design an extended 64-bit version of Salsa. We observed similar patterns in constants for 64-bit design as well. It was observed that for 64-bit version, the bias is negligible only after 5 rounds. 64-bit design performs 1.6 to 1.7 times faster as compared to the similar implementation of 32-bit Salsa on the 64-bit machine.


Constants Stream cipher ChaCha Salsa Bias Measure of Uniformity in bias ARX cipher Input Differential Output Differential Hamming distance 


  1. 1.
    Bathe BN, Hariramani B, Bhattacharjee A, Kulgod S (2017) Analysis of diagonal constants in salsa. In: Ali S, Danger J L, Eisenbarth T (eds) Security, privacy, and applied cryptography engineering. SPACE 2017. Lecture notes in computer science, vol 10662. Springer, Cham, pp 93–110.
  2. 2.
    Bernstein DJ (2005) Salsa20 specification. eSTREAM Project algorithm description.
  3. 3.
    The ECRYPT stream cipher project. eSTREAM portfolio of stream ciphers.
  4. 4.
    Bernstein DJ (2008) ChaCha, a variant of Salsa20. In: Workshop record of SASC, vol 8Google Scholar
  5. 5.
    Aumasson JP, Fischer S, Khazaei S, Meier W, Rechberger C (2008) New features of Latin dances: analysis of Salsa, ChaCha, and Rumba. Springer, Berlin, pp 470–488zbMATHGoogle Scholar
  6. 6.
    Castro JCH, Estévez-Tapiador JM, Quisquater J (2008) On the Salsa20 core function. In: Fast software encryption, 15th international workshop, FSE 2008, Lausanne, Switzerland, February 10–13, 2008, Revised Selected Papers, pp 462–469.
  7. 7.
    Crowley P (2005) Truncated differential cryptanalysis of five rounds of Salsa20. IACR Cryptology ePrint Archive 2005:375. Google Scholar
  8. 8.
    Fischer S, Meier W, Berbain C, Biasse J, Robshaw MJB (2006) Non-randomness in eSTREAM Candidates Salsa20 and TSC-4. In: Progress in cryptology - INDOCRYPT 2006, 7th international conference on cryptology in India, Kolkata, India, December 11–13, 2006, Proceedings, pp 2–16.
  9. 9.
    Ishiguro T, Kiyomoto S, Miyake Y (2011) Latin dances revisited: new analytic results of Salsa20 and ChaCha. In: Information and communications security - 13th international conference, ICICS 2011, Beijing, China, November 23–26, 2011. Proceedings, pp 255–266.
  10. 10.
    Maitra S (2016) Chosen IV cryptanalysis on reduced round ChaCha and Salsa. Discret Appl Math 208:88–97. MathSciNetCrossRefGoogle Scholar
  11. 11.
    Maitra S, Paul G, Meier W (2015) Salsa20 cryptanalysis: new moves and revisiting old styles. In: WCC 2015, the ninth international workshop on coding and cryptography, April 13–17, 2015, Paris.
  12. 12.
    Mouha N, Preneel B (2013) A proof that the ARX Cipher Salsa20 is secure against differential cryptanalysis. IACR Cryptology ePrint Archive 2013:328. Google Scholar
  13. 13.
    Tsunoo Y, Saito T, Kubo H, Suzaki T, Nakashima H (2007) Differential cryptanalysis of Salsa20/8.
  14. 14.
    Ashur T, Liu Y (2016) Rotational cryptanalysis in the presence of constants. IACR Cryptology ePrint Archive 2016:826. Google Scholar
  15. 15.
    Bernstein D (2005) The salsa20 encryption function.
  16. 16.
    Choudhuri AR, Maitra S (2016) Significantly improved multi-bit differentials for reduced round salsa and chacha. IACR Cryptology ePrint Archive 2016:1034. Google Scholar
  17. 17.
    Sobti R, Ganesan G (2016) Analysis of quarter rounds of salsa and chacha core and proposal of an alternative design to maximize diffusion. Ind J Sci Technol.
  18. 18.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Bhabha Atomic Research Centre (CI)Homi Bhabha National InstituteMumbaiIndia
  2. 2.Bhabha Atomic Research CentreMumbaiIndia

Personalised recommendations