On the Salsa20 Core Function

13 years 6 months ago

Download www-users.cs.york.ac.uk

In this paper, we point out some weaknesses in the Salsa20 core function that could be exploited to obtain up to 231 collisions for its full (20 rounds) version. We first find an invariant for its main building block, the quarterround function, that is then extended to the rowround and columnround functions. This allows us to find an input subset of size 232 for which the Salsa20 core behaves exactly as the transformation f(x) = 2x. An attacker can take advantage of this for constructing 231 collisions for any number of rounds. We finally show another weakness in the form of a differential characteristic with probability one that proves that the Salsa20 core does not have 2nd preimage resistance.

Julio César Hernández Castro, Juan M

Real-time Traffic

Collisions | Core Function | Cryptology | FSE 2008 | Main Building Block |

claim paper

» Interorganizational fault management Functional and organizational core aspects of managem...

» Embedded coring in MPEG video compression

» Putting Faulty Cores to Work

» BIST for systemsonachip

» Performance Enhancement of Network Devices with MultiCore Processors

» InformationFlow Security for a Core of JavaScript

» A Core Calculus for Provenance

» The Design of Core 2 A Library for Exact Numeric Computation in Geometry and Algebra

Post Info
More Details (n/a)

Added	26 Oct 2010
Updated	26 Oct 2010
Type	Conference
Year	2008
Where	FSE
Authors	Julio César Hernández Castro, Juan M. Estévez-Tapiador, Jean-Jacques Quisquater

Comments (0)

Sciweavers

On the Salsa20 Core Function

Collisions | Core Function | Cryptology | FSE 2008 | Main Building Block |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers