Abstract
The stream ciphers Salsa20 and Trivium are two of the finalists of the eSTREAM project which are in the final portfolio of new promising stream ciphers. In this paper we show that initialization and key-stream generation of these ciphers is slidable, i.e. one can find distinct (Key, IV) pairs that produce identical (or closely related) key-streams. There are 2256 and more then 239 such pairs in Salsa20 and Trivium respectively. We write out and solve the non-linear equations which describe such related (Key, IV) pairs. This allows us to sample the space of such related pairs efficiently as well as detect such pairs in large portions of key-stream very efficiently. We show that Salsa20 does not have 256-bit security if one considers general birthday and related key distinguishing and key-recovery attacks.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Aumasson, J.-P., Fischer, S., Khazaei, S., Meier, W., Rechberger, C.: New Features of Latin Dances: Analysis of Salsa, ChaCha and Rumba. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086. Springer, Heidelberg (2008), Full version as IACR eprint, http://eprint.iacr.org/2007/472
Bernstein, D.J.: Salsa20. eSTREAM, Report 2005/025 (2005)
De Cannière, C., Preneel, B.: TRIVIUM - a stream cipher construction inspired by block cipher design principles. eSTREAM, Report 2005/030 (2005)
Crowley, P.: Truncated differential cryptanalysis of five rounds of Salsa20. In: SASC 2006 - Stream Ciphers Revisited (2006)
eSTREAM: The ECRYPT Stream Cipher Project, http://www.ecrypt.eu.org/stream/
Fischer, S., Meier, W., Berbain, C., Biasse, J.-F., Robshaw, M.J.B.: Non-randomness in eSTREAM Candidates Salsa20 and TSC-4. In: Barua, R., Lange, T. (eds.) INDOCRYPT 2006. LNCS, vol. 4329, pp. 2–16. Springer, Heidelberg (2006)
Hong, J.: Discussion Forum. certain pairs of key-IV pairs for Trivium, created (September 13, 2005), http://www.ecrypt.eu.org/stream/phorum/read.php?1,152
Maximov, A., Biryukov, A.: Two Trivial Attacks on Trivium. In: SASC 2007 - The State of the Art of Stream Ciphers (2007)
McDonald, C., Charnes, C., Pieprzyk, J.: Attacking Bivium with MiniSat. eSTREAM, Report 2007/040 (2007)
Raddum, H.: Cryptanalytic Results on TRIVIUM. eSTREAM, Report 2006/039 (2006)
Priemuth-Schmid, D., Biryukov, A.: Slid Pairs in Salsa20 and Trivium. Cryptology ePrint Archive, Report 2008/405 (2008), http://eprint.iacr.org/2008/405
Tsunoo, Y., Saito, T., Kubo, H., Suzaki, T., Nakashima, H.: Differential Cryptanalysis of Salsa20/8. In: SASC 2007 - The State of the Art of Stream Ciphers (2007)
Turan, M.S., Kara, O.: Linear Approximations for 2-round Trivium. In: SASC 2007 - The State of the Art of Stream Ciphers (2007)
Vielhaber, M.: Breaking ONE.Fivium by AIDA an Algebraic IV Differential Attack. Cryptology ePrint Archive, Report 2007/413 (2007), http://eprint.iacr.org/2007/413
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Priemuth-Schmid, D., Biryukov, A. (2008). Slid Pairs in Salsa20 and Trivium. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds) Progress in Cryptology - INDOCRYPT 2008. INDOCRYPT 2008. Lecture Notes in Computer Science, vol 5365. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89754-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-540-89754-5_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89753-8
Online ISBN: 978-3-540-89754-5
eBook Packages: Computer ScienceComputer Science (R0)