
The Salsa20 Family of Stream Ciphers

  • Chapter
New Stream Cipher Designs

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 4986)

Abstract

Salsa20 is a family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project. Salsa20 has progressed to the third round of eSTREAM without any changes. The 20-round stream cipher Salsa20/20 is consistently faster than AES and is recommended by the designer for typical cryptographic applications. The reduced-round ciphers Salsa20/12 and Salsa20/8 are among the fastest 256-bit stream ciphers available and are recommended for applications where speed is more important than confidence. The fastest known attacks use ≈ 2^153 simple operations against Salsa20/7, ≈ 2^249 simple operations against Salsa20/8, and ≈ 2^255 simple operations against Salsa20/9, Salsa20/10, etc. In this paper, the Salsa20 designer presents Salsa20 and discusses the decisions made in the Salsa20 design.



Editor information

Matthew Robshaw, Olivier Billet

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Bernstein, D.J. (2008). The Salsa20 Family of Stream Ciphers. In: Robshaw, M., Billet, O. (eds) New Stream Cipher Designs. Lecture Notes in Computer Science, vol 4986. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68351-3_8

  • DOI: https://doi.org/10.1007/978-3-540-68351-3_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-68350-6

  • Online ISBN: 978-3-540-68351-3

  • eBook Packages: Computer Science, Computer Science (R0)
