Abstract
ChaCha is a stream cipher introduced by Daniel Bernstein as a variant of Salsa20. Since its release, ChaCha has attracted the attention of many researchers because it has been widely deployed. In this study, we derive a new linear approximation for ChaCha with a higher probability bias. In addition, we find a combination of input/output differences corresponding to a new linear relationship. Furthermore, we prove that the proposed bias can be used to attack 7-round ChaCha with a computational complexity reduced from \(2^{221.95}\) to \(2^{120.9}\).
Notes
1. We conducted the differential bias experiment on an Intel(R) Xeon(R) CPU E7-4830 v4 @ 2.00GHz machine with Ubuntu 21.0 OS. In addition, we used the Maximum Length Sequence Random Number Generator.
Acknowledgement
This work is partially supported by JSPS KAKENHI Grant Number JP21H03443 and SECOM Science and Technology Foundation.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Watanabe, R., Ghafoori, N., Miyaji, A. (2024). Improved Differential-Linear Cryptanalysis of Reduced Rounds of ChaCha. In: Kim, H., Youn, J. (eds) Information Security Applications. WISA 2023. Lecture Notes in Computer Science, vol 14402. Springer, Singapore. https://doi.org/10.1007/978-981-99-8024-6_21
DOI: https://doi.org/10.1007/978-981-99-8024-6_21
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-8023-9
Online ISBN: 978-981-99-8024-6
eBook Packages: Computer Science, Computer Science (R0)