Slid Pairs in Salsa20 and Trivium

[en] The stream ciphers Salsa20 and Trivium are two of the finalists of the eSTREAM project which are in the final portfolio of new promising stream ciphers. In this paper we show that initialization and key-stream generation of these ciphers is slidable, i.e. one can find distinct (Key, IV) pairs that produce identical (or closely related) key-streams. There are 2256 and more then 239 such pairs in Salsa20 and Trivium respectively. We write out and solve the non-linear equations which describe such related (Key, IV) pairs. This allows us to sample the space of such related pairs efficiently as well as detect such pairs in large portions of key-stream very efficiently. We show that Salsa20 does not have 256-bit security if one considers general birthday and related key distinguishing and key-recovery attacks.

Disciplines :

Sciences informatiques

Auteur, co-auteur :

PRIEMUTH-SCHMID, Deike ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

BIRYUKOV, Alex ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)

Co-auteurs externes :

Langue du document :

Anglais

Titre :

Slid Pairs in Salsa20 and Trivium

Date de publication/diffusion :

2008

Nom de la manifestation :

INDOCRYPT

Date de la manifestation :

2008

Manifestation à portée :

International

Titre de l'ouvrage principal :

INDOCRYPT

Maison d'édition :

Springer

Pagination :

1–14

Peer reviewed :

Peer reviewed

Focus Area :

Computational Sciences

Jeu de données :

10.1007/978-3-540-89754-5_1

Disponible sur ORBilu :

depuis le 17 décembre 2013

Statistiques

Nombre de vues

151 (dont 5 Unilu)

Nombre de téléchargements

22 (dont 0 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

OpenCitations

citations OpenAlex

citations WoS^™

Bibliographie

Aumasson, J.-P., Fischer, S., Khazaei, S., Meier, W., Rechberger, C.: New Features of Latin Dances: Analysis of Salsa, ChaCha and Rumba. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086. Springer, Heidelberg (2008), Full version as IACR eprint, http://eprint.iacr.org/2007/472
Bernstein, D.J.: Salsa20. eSTREAM, Report 2005/025 (2005)
De Cannière, C., Preneel, B.: TRIVIUM - a stream cipher construction inspired by block cipher design principles. eSTREAM, Report 2005/030 (2005)
Crowley, P.: Truncated differential cryptanalysis of five rounds of Salsa20. In: SASC 2006 - Stream Ciphers Revisited (2006)
eSTREAM: The ECRYPT Stream Cipher Project, http://www.ecrypt.eu.org/ stream/
Fischer, S., Meier, W., Berbain, C., Biasse, J.-F., Robshaw, M.J.B.: Nonrandomness in eSTREAM Candidates Salsa20 and TSC-4. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 2-16. Springer, Heidelberg (2006)
Hong, J.: Discussion Forum. certain pairs of key-IV pairs for Trivium, created (September 13, 2005), http://www.ecrypt.eu.org/stream/phorum/read.php?1, 152
Maximov, A., Biryukov, A.: Two Trivial Attacks on Trivium. In: SASC 2007 - The State of the Art of Stream Ciphers (2007)
McDonald, C., Charnes, C., Pieprzyk, J.: Attacking Bivium with MiniSat. eSTREAM, Report 2007/040 (2007)
Raddum, H.: Cryptanalytic Results on TRIVIUM. eSTREAM, Report 2006/039 (2006)
Priemuth-Schmid, D., Biryukov, A.: Slid Pairs in Salsa20 and Trivium. Cryptology ePrint Archive, Report 2008/405 (2008), http://eprint.iacr.org/2008/ 405
Tsunoo, Y., Saito, T., Kubo, H., Suzaki, T., Nakashima, H.: Differential Cryptanalysis of Salsa20/8. In: SASC 2007 - The State of the Art of Stream Ciphers (2007)
Turan, M.S., Kara, O.: Linear Approximations for 2-round Trivium. In: SASC 2007 - The State of the Art of Stream Ciphers (2007)
Vielhaber, M.: Breaking ONE.Fivium by AIDA an Algebraic IV Differential Attack. Cryptology ePrint Archive, Report 2007/413 (2007), http://eprint.iacr. org/2007/413