改进对减圆 Salsa20 的密钥恢复攻击

IF 1.4 2区数学 Q3 COMPUTER SCIENCE, THEORY & METHODS Designs, Codes and Cryptography Pub Date : 2024-11-09 DOI:10.1007/s10623-024-01522-7

Sabyasachi Dey, Gregor Leander, Nitin Kumar Sharma

{"title":"改进对减圆 Salsa20 的密钥恢复攻击","authors":"Sabyasachi Dey, Gregor Leander, Nitin Kumar Sharma","doi":"10.1007/s10623-024-01522-7","DOIUrl":null,"url":null,"abstract":"<p>In this paper, we present an improved attack on the stream cipher Salsa20. Our improvements are based on two technical contributions. First, we make use of a distribution of a linear combination of several random variables that are derived from different differentials and explain how to exploit this in order to improve the attack complexity. Secondly, we study and exploit how to choose the actual value for so-called probabilistic neutral bits optimally. Because of the limited influence of these key bits on the computation, in the usual attack approach, these are fixed to a constant value, often zero for simplicity. As we will show, despite the fact that their influence is limited, the constant can be chosen in significantly better ways, and intriguingly, zero is the worst choice. Using this, we propose the first-ever attack on 7.5-round of the 128-bit key version of Salsa20. Also, we provide improvements in the attack against the 8-round of the 256-bit key version of Salsa20 and the 7-round of the 128-bit key version of Salsa20.</p>","PeriodicalId":11130,"journal":{"name":"Designs, Codes and Cryptography","volume":"2 1","pages":""},"PeriodicalIF":1.4000,"publicationDate":"2024-11-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Improved key recovery attacks on reduced-round Salsa20\",\"authors\":\"Sabyasachi Dey, Gregor Leander, Nitin Kumar Sharma\",\"doi\":\"10.1007/s10623-024-01522-7\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<p>In this paper, we present an improved attack on the stream cipher Salsa20. Our improvements are based on two technical contributions. First, we make use of a distribution of a linear combination of several random variables that are derived from different differentials and explain how to exploit this in order to improve the attack complexity. Secondly, we study and exploit how to choose the actual value for so-called probabilistic neutral bits optimally. Because of the limited influence of these key bits on the computation, in the usual attack approach, these are fixed to a constant value, often zero for simplicity. As we will show, despite the fact that their influence is limited, the constant can be chosen in significantly better ways, and intriguingly, zero is the worst choice. Using this, we propose the first-ever attack on 7.5-round of the 128-bit key version of Salsa20. Also, we provide improvements in the attack against the 8-round of the 256-bit key version of Salsa20 and the 7-round of the 128-bit key version of Salsa20.</p>\",\"PeriodicalId\":11130,\"journal\":{\"name\":\"Designs, Codes and Cryptography\",\"volume\":\"2 1\",\"pages\":\"\"},\"PeriodicalIF\":1.4000,\"publicationDate\":\"2024-11-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Designs, Codes and Cryptography\",\"FirstCategoryId\":\"100\",\"ListUrlMain\":\"https://doi.org/10.1007/s10623-024-01522-7\",\"RegionNum\":2,\"RegionCategory\":\"数学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, THEORY & METHODS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Designs, Codes and Cryptography","FirstCategoryId":"100","ListUrlMain":"https://doi.org/10.1007/s10623-024-01522-7","RegionNum":2,"RegionCategory":"数学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, THEORY & METHODS","Score":null,"Total":0}

引用次数: 0

摘要

在本文中，我们提出了对流密码 Salsa20 的改进攻击。我们的改进基于两个技术贡献。首先，我们利用了由不同差分导出的多个随机变量的线性组合分布，并解释了如何利用这一点来提高攻击的复杂性。其次，我们研究并利用了如何优化选择所谓概率中性比特的实际值。由于这些关键比特对计算的影响有限，在通常的攻击方法中，这些比特被固定为一个恒定值，为简单起见通常为零。正如我们将展示的那样，尽管它们的影响有限，但常数的选择方式却可以大大改善，而有趣的是，零是最差的选择。利用这一点，我们首次提出了对 128 位密钥版本 Salsa20 的 7.5 轮攻击。此外，我们还改进了对 8 轮 256 位密钥版 Salsa20 和 7 轮 128 位密钥版 Salsa20 的攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

摘要图片

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

Improved key recovery attacks on reduced-round Salsa20

In this paper, we present an improved attack on the stream cipher Salsa20. Our improvements are based on two technical contributions. First, we make use of a distribution of a linear combination of several random variables that are derived from different differentials and explain how to exploit this in order to improve the attack complexity. Secondly, we study and exploit how to choose the actual value for so-called probabilistic neutral bits optimally. Because of the limited influence of these key bits on the computation, in the usual attack approach, these are fixed to a constant value, often zero for simplicity. As we will show, despite the fact that their influence is limited, the constant can be chosen in significantly better ways, and intriguingly, zero is the worst choice. Using this, we propose the first-ever attack on 7.5-round of the 128-bit key version of Salsa20. Also, we provide improvements in the attack against the 8-round of the 256-bit key version of Salsa20 and the 7-round of the 128-bit key version of Salsa20.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Designs, Codes and Cryptography 工程技术-计算机：理论方法

CiteScore

2.80

自引率

12.50%

发文量

157

审稿时长

16.5 months

期刊介绍： Designs, Codes and Cryptography is an archival peer-reviewed technical journal publishing original research papers in the designated areas. There is a great deal of activity in design theory, coding theory and cryptography, including a substantial amount of research which brings together more than one of the subjects. While many journals exist for each of the individual areas, few encourage the interaction of the disciplines. The journal was founded to meet the needs of mathematicians, engineers and computer scientists working in these areas, whose interests extend beyond the bounds of any one of the individual disciplines. The journal provides a forum for high quality research in its three areas, with papers touching more than one of the areas especially welcome. The journal also considers high quality submissions in the closely related areas of finite fields and finite geometries, which provide important tools for both the construction and the actual application of designs, codes and cryptographic systems. In particular, it includes (mostly theoretical) papers on computational aspects of finite fields. It also considers topics in sequence design, which frequently admit equivalent formulations in the journal’s main areas. Designs, Codes and Cryptography is mathematically oriented, emphasizing the algebraic and geometric aspects of the areas it covers. The journal considers high quality papers of both a theoretical and a practical nature, provided they contain a substantial amount of mathematics.