Non-randomness in eSTREAM Candidates Salsa20 and TSC-4

  • Simon Fischer
  • Willi Meier
  • Côme Berbain
  • Jean-François Biasse
  • M. J. B. Robshaw
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4329)

Abstract

Stream cipher initialisation should ensure that the initial state or keystream is not detectably related to the key and initialisation vector. In this paper we analyse the key/IV setup of the eSTREAM Phase 2 candidates Salsa20 and TSC-4. In the case of Salsa20 we demonstrate a key recovery attack on six rounds and observe non-randomness after seven. For TSC-4, non-randomness is detected over the full eight-round initialisation phase, and it would persist for more rounds.
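The chosen-IV non-randomness the abstract refers to can be probed directly on reduced-round Salsa20. The Python script below is an added example, not code from the paper or from the Salsa20 reference implementation: it implements the Salsa20 quarterround, the column and row rounds and the "expand 32-byte k" state layout from Bernstein's specification, then flips one nonce bit under random keys and counts how often each keystream-output bit difference is zero after r rounds. The sampling choices (seeded random keys, sample count, which IV bit to flip, odd round counts) are assumptions made for this example; the paper's specific differential positions and its six-round key-recovery step are not reproduced here.

```python
"""Chosen-IV bias probe for reduced-round Salsa20 (added example, not the paper's code)."""
import random
from typing import List, Tuple

MASK = 0xFFFFFFFF


def rotl(x: int, n: int) -> int:
    """32-bit left rotation."""
    return ((x << n) | (x >> (32 - n))) & MASK


def quarterround(y0: int, y1: int, y2: int, y3: int) -> Tuple[int, int, int, int]:
    """Salsa20 quarterround, exactly as in Bernstein's specification."""
    z1 = y1 ^ rotl((y0 + y3) & MASK, 7)
    z2 = y2 ^ rotl((z1 + y0) & MASK, 9)
    z3 = y3 ^ rotl((z2 + z1) & MASK, 13)
    z0 = y0 ^ rotl((z3 + z2) & MASK, 18)
    return z0, z1, z2, z3


# Word indices handed to quarterround by columnround and rowround (spec order).
COLUMNS = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11)]
ROWS = [(0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]


def salsa20_rounds(state: List[int], rounds: int) -> List[int]:
    """Apply `rounds` single rounds, alternating column and row rounds.

    Odd counts are allowed (an assumption for this probe) so that the 6- and
    7-round variants discussed in the abstract can be examined; Salsa20/20 is rounds=20.
    """
    s = list(state)
    for i in range(rounds):
        for a, b, c, d in (COLUMNS if i % 2 == 0 else ROWS):
            s[a], s[b], s[c], s[d] = quarterround(s[a], s[b], s[c], s[d])
    return s


SIGMA = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)  # "expand 32-byte k"


def initial_state(key: List[int], nonce: List[int], counter: List[int]) -> List[int]:
    """256-bit key layout: constants on the diagonal, key words at 1-4 and 11-14,
    nonce at 6-7, block counter at 8-9."""
    k, n, c, s = key, nonce, counter, SIGMA
    return [s[0], k[0], k[1], k[2], k[3], s[1], n[0], n[1],
            c[0], c[1], s[2], k[4], k[5], k[6], k[7], s[3]]


def keystream_block(key: List[int], nonce: List[int], counter: List[int], rounds: int) -> List[int]:
    """One 64-byte keystream block as 16 words: round output plus feed-forward of the input."""
    x = initial_state(key, nonce, counter)
    z = salsa20_rounds(x, rounds)
    return [(a + b) & MASK for a, b in zip(z, x)]


def chosen_iv_bias(rounds: int, samples: int = 2000, iv_word: int = 0,
                   iv_bit: int = 0, seed: int = 1) -> Tuple[float, int, int]:
    """Flip one nonce bit under random keys and return (bias, word, bit) of the most
    biased keystream-difference bit, where bias = Pr[difference bit == 0] - 1/2.

    Keys and base nonces come from a seeded PRNG so runs are reproducible; the seed
    and the all-zero counter are choices for this example, not part of the attack.
    """
    rng = random.Random(seed)
    zeros = [0] * 512                      # per output bit: how often the difference is 0
    for _ in range(samples):
        key = [rng.getrandbits(32) for _ in range(8)]
        nonce = [rng.getrandbits(32) for _ in range(2)]
        nonce2 = list(nonce)
        nonce2[iv_word] ^= 1 << iv_bit     # the chosen-IV difference
        counter = [0, 0]
        z1 = keystream_block(key, nonce, counter, rounds)
        z2 = keystream_block(key, nonce2, counter, rounds)
        for w in range(16):
            d = z1[w] ^ z2[w]
            for b in range(32):
                if not (d >> b) & 1:
                    zeros[w * 32 + b] += 1
    biases = [z / samples - 0.5 for z in zeros]
    best = max(range(512), key=lambda i: abs(biases[i]))
    return biases[best], best // 32, best % 32


if __name__ == "__main__":
    for r in (1, 2, 4, 6, 7, 20):
        bias, w, b = chosen_iv_bias(r, samples=1000)
        print(f"{r:2d} rounds: max |bias| {abs(bias):.3f} at word {w} bit {b}")
```

Read the output as a practitioner would: with one round, three of the four columns never see the IV difference, so many output bits have bias exactly 0.5; as rounds are added the largest bias falls towards the noise floor of roughly 0.5/sqrt(samples), and a bias is only evidence of a distinguisher if it stays well above that floor as the sample count grows. Real attacks of the kind the paper describes fix a specific (input bit, output bit) pair and use far more samples than this probe; the script is meant to show where such biases are looked for, not to reproduce the paper's numbers.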

Keywords

Stream cipher, eSTREAM, Salsa20, TSC-4, chosen-IV attack

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Simon Fischer (1)
  • Willi Meier (1)
  • Côme Berbain (2)
  • Jean-François Biasse (2)
  • M. J. B. Robshaw (2)
  1. FHNW, Windisch, Switzerland
  2. FTRD, Issy les Moulineaux, France