Latin Dances Reloaded: Improved Cryptanalysis Against Salsa and ChaCha, and the Proposal of Forró

Abstract: In this paper, we present 4 major contributions to ARX ciphers and in particular, to the Salsa/ChaCha family of stream ciphers:

- We propose an improved differential-linear distinguisher against ChaCha. To do so, we propose a new way to approach the derivation of linear approximations by viewing the algorithm in terms of simpler subrounds. Using this idea, we show that it is possible to derive almost all linear approximations from previous works from just 3 simple rules. Furthermore, we show that with one extra rule, it is possible to improve the linear approximations proposed by Coutinho and Souza Neto at Eurocrypt 2021 (Coutinho and Souza Neto, in: Canteaut, Standaert (eds) Advances in Cryptology, EUROCRYPT 2021, 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part I. Lecture Notes in Computer Science, vol 12696, Springer, 2021).
- We propose a technique called Bidirectional Linear Expansions (BLE) to improve attacks against Salsa. While previous works only considered linear expansions moving forward into the rounds, BLE explores the expansion of a single bit in both forward and backward directions. Applying BLE, we propose the first differential-linear distinguishers reaching 7 and 8 rounds of Salsa, and we improve Probabilistic Neutral Bit (PNB) key-recovery attacks against 8 rounds of Salsa.
- At Eurocrypt 2022 (Dey et al., Revamped differential-linear cryptanalysis on reduced round ChaCha, Springer, 2022), Dey et al. proposed a technique to combine two input–output positions in a PNB attack. In this paper, we generalize this technique to an arbitrary number of input–output positions. Combining this approach with BLE, we are able to improve key-recovery attacks against 7 rounds of Salsa.
- Using all the knowledge acquired studying the cryptanalysis of these ciphers, we propose some modifications in order to provide better diffusion per round and higher resistance to cryptanalysis, leading to a new stream cipher named Forró. We show that Forró has a higher security margin; this allows us to reduce the total number of rounds while maintaining the security level, thus creating a faster cipher on many platforms, especially on constrained devices.

Finally, we developed CryptDances, a new tool for the cryptanalysis of Salsa, ChaCha, and Forró, designed to be used in high-performance environments with several GPUs. With CryptDances it is possible to compute differential correlations, to derive new linear approximations for ChaCha automatically, and to automate the computation of the complexity of PNB attacks, among other features. We make CryptDances available to the community at https://github.com/murcoutinho/cryptDances.

Detailed description

Author: Coutinho, Murilo [author]
Format: Article
Language: English
Published: 2023
Subject headings: Differential-linear cryptanalysis; ARX; ChaCha; Salsa; Forró
Note: © International Association for Cryptologic Research 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
Parent work: Contained in: Journal of Cryptology, Springer US, 1988, 36(2023), 3, 01 May
Parent work: volume:36 ; year:2023 ; number:3 ; day:01 ; month:05
Links: DOI / URN: 10.1007/s00145-023-09455-5
Catalog ID: OLC2144916101
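The abstract speaks of deriving linear approximations by looking at ChaCha "subround by subround" and of computing differential correlations with CryptDances. The Python below is an added example written for this page; it is not code from the paper or from the CryptDances repository. It implements the ChaCha round function in subround steps (here a subround is assumed to be half a quarter-round, i.e. two ARX operations, applied to all four column or diagonal groups in parallel; the paper's own definition of a subround is not reproduced on this page), checks the implementation against the RFC 8439 test vectors, and estimates single-bit differential correlations by sampling random keys and IVs. All function and parameter names are this example's own.

```python
# Added example for this page; not code from the paper or from CryptDances.
# Assumption: a "subround" is half a ChaCha quarter-round (two ARX steps),
# applied to all four column (or diagonal) groups in parallel, so one round
# is two subrounds. State layout follows RFC 8439: constants in words 0-3,
# key in 4-11, block counter in 12, nonce in 13-15.
import random
from typing import List, Sequence

MASK = 0xFFFFFFFF
CONSTANTS = (0x61707865, 0x3320646E, 0x79622D32, 0x6B206574)  # "expand 32-byte k"
COLUMNS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15))
DIAGONALS = ((0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))


def rotl(x: int, n: int) -> int:
    """32-bit left rotation."""
    return ((x << n) | (x >> (32 - n))) & MASK


def half_qr(x: List[int], a: int, b: int, c: int, d: int, r1: int, r2: int) -> None:
    """Two ARX steps in place: a += b; d = (d ^ a) <<< r1; c += d; b = (b ^ c) <<< r2."""
    x[a] = (x[a] + x[b]) & MASK
    x[d] = rotl(x[d] ^ x[a], r1)
    x[c] = (x[c] + x[d]) & MASK
    x[b] = rotl(x[b] ^ x[c], r2)


def quarter_round(x: List[int], a: int, b: int, c: int, d: int) -> None:
    """Standard ChaCha quarter-round = the (16,12) half followed by the (8,7) half."""
    half_qr(x, a, b, c, d, 16, 12)
    half_qr(x, a, b, c, d, 8, 7)


def chacha_subrounds(state: Sequence[int], n: int) -> List[int]:
    """Apply n subrounds (2 per round) to a 16-word state; no feed-forward.
    Rounds alternate column (even) and diagonal (odd) groups as in ChaCha."""
    x = list(state)
    for s in range(n):
        groups = COLUMNS if (s // 2) % 2 == 0 else DIAGONALS
        r1, r2 = (16, 12) if s % 2 == 0 else (8, 7)
        for a, b, c, d in groups:
            half_qr(x, a, b, c, d, r1, r2)
    return x


def chacha_block(key: Sequence[int], counter: int, nonce: Sequence[int], rounds: int = 20) -> List[int]:
    """Full ChaCha block function (rounds, then feed-forward), for checking against RFC 8439."""
    state = list(CONSTANTS) + list(key) + [counter & MASK] + list(nonce)
    z = chacha_subrounds(state, 2 * rounds)
    return [(z[i] + state[i]) & MASK for i in range(16)]


def differential_correlation(subrounds: int, in_word: int, in_bit: int,
                             out_word: int, out_bit: int,
                             samples: int = 4000, seed: int = 1) -> float:
    """Monte Carlo estimate of eps = E[(-1)^delta], where delta is bit out_bit of
    word out_word of the XOR difference of the state after `subrounds` subrounds,
    for a one-bit input difference at (in_word, in_bit), over random keys and IVs.
    Pr[delta = 0] = (1 + eps) / 2. Words 12..15 give the usual chosen-IV setting;
    a difference in words 4..11 would be a related-key difference instead."""
    rng = random.Random(seed)  # fixed seed so results are reproducible
    total = 0
    for _ in range(samples):
        key = [rng.getrandbits(32) for _ in range(8)]
        iv = [rng.getrandbits(32) for _ in range(4)]
        x0 = list(CONSTANTS) + key + iv
        x1 = list(x0)
        x1[in_word] ^= 1 << in_bit
        z0 = chacha_subrounds(x0, subrounds)
        z1 = chacha_subrounds(x1, subrounds)
        delta = ((z0[out_word] ^ z1[out_word]) >> out_bit) & 1
        total += 1 - 2 * delta  # +1 when the output bits agree, -1 when they differ
    return total / samples


if __name__ == "__main__":
    # Input/output positions chosen for illustration: IV difference at word 13
    # bit 13, output bit 0 of word 11, after 3 rounds (6 subrounds).
    print("3-round eps estimate:", differential_correlation(6, 13, 13, 11, 0))
```

Two things the sampler makes visible. Through the first subround a difference injected at bit 0 of word 12 reaches bit 16 of word 12, bit 16 of word 8 and bit 28 of word 4 with probability 1 (correlation exactly −1), because XOR and rotation are linear and the lowest differing bit of a modular addition always flips; this is the kind of exact, step-level reasoning that a subround view supports. Beyond that, a single-bit correlation of size eps needs on the order of 1/eps² samples to be resolved, which is why the paper's tool is built for several GPUs rather than for a Python loop.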
MARC record

LEADER 01000naa a22002652 4500
001 OLC2144916101
003 DE-627
005 20240118101715.0
007 tu
008 240118s2023 xx ||||| 00| ||eng c
024 7_ |a 10.1007/s00145-023-09455-5 |2 doi
035 __ |a (DE-627)OLC2144916101
035 __ |a (DE-He213)s00145-023-09455-5-p
040 __ |a DE-627 |b ger |c DE-627 |e rakwb
041 __ |a eng
082 04 |a 004 |q VZ
100 1_ |a Coutinho, Murilo |e author |0 (orcid)0000-0001-7545-5040 |4 aut
245 10 |a Latin Dances Reloaded: Improved Cryptanalysis Against Salsa and ChaCha, and the Proposal of Forró
264 _1 |c 2023
336 __ |a Text |b txt |2 rdacontent
337 __ |a unmediated |b n |2 rdamedia
338 __ |a volume |b nc |2 rdacarrier
500 __ |a © International Association for Cryptologic Research 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
520 __ |a Abstract: In this paper, we present 4 major contributions to ARX ciphers and in particular, to the Salsa/ChaCha family of stream ciphers: We propose an improved differential-linear distinguisher against ChaCha. To do so, we propose a new way to approach the derivation of linear approximations by viewing the algorithm in terms of simpler subrounds. Using this idea, we show that it is possible to derive almost all linear approximations from previous works from just 3 simple rules. Furthermore, we show that with one extra rule, it is possible to improve the linear approximations proposed by Coutinho and Souza Neto at Eurocrypt 2021 (Coutinho and Souza Neto, in: Canteaut, Standaert (eds) Advances in Cryptology, EUROCRYPT 2021, 40th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Zagreb, Croatia, October 17–21, 2021, Proceedings, Part I. Lecture Notes in Computer Science, vol 12696, Springer, 2021). We propose a technique called Bidirectional Linear Expansions (BLE) to improve attacks against Salsa. While previous works only considered linear expansions moving forward into the rounds, BLE explores the expansion of a single bit in both forward and backward directions. Applying BLE, we propose the first differential-linear distinguishers reaching 7 and 8 rounds of Salsa, and we improve Probabilistic Neutral Bit (PNB) key-recovery attacks against 8 rounds of Salsa. At Eurocrypt 2022 (Dey et al., Revamped differential-linear cryptanalysis on reduced round ChaCha, Springer, 2022), Dey et al. proposed a technique to combine two input–output positions in a PNB attack. In this paper, we generalize this technique to an arbitrary number of input–output positions. Combining this approach with BLE, we are able to improve key-recovery attacks against 7 rounds of Salsa. Using all the knowledge acquired studying the cryptanalysis of these ciphers, we propose some modifications in order to provide better diffusion per round and higher resistance to cryptanalysis, leading to a new stream cipher named Forró. We show that Forró has a higher security margin; this allows us to reduce the total number of rounds while maintaining the security level, thus creating a faster cipher on many platforms, especially on constrained devices. Finally, we developed CryptDances, a new tool for the cryptanalysis of Salsa, ChaCha, and Forró, designed to be used in high-performance environments with several GPUs. With CryptDances it is possible to compute differential correlations, to derive new linear approximations for ChaCha automatically, and to automate the computation of the complexity of PNB attacks, among other features. We make CryptDances available to the community at https://github.com/murcoutinho/cryptDances.
650 _4 |a Differential-linear cryptanalysis
650 _4 |a ARX
650 _4 |a ChaCha
650 _4 |a Salsa
650 _4 |a Forró
700 1_ |a Passos, Iago |0 (orcid)0000-0002-6296-6041 |4 aut
700 1_ |a Vásquez, Juan C. Grados |0 (orcid)0000-0002-3863-3714 |4 aut
700 1_ |a Sarkar, Santanu |0 (orcid)0000-0001-6821-920X |4 aut
700 1_ |a de Mendonça, Fábio L. L. |0 (orcid)0000-0001-7100-7304 |4 aut
700 1_ |a de Sousa, Rafael T. |0 (orcid)0000-0003-1101-3029 |4 aut
700 1_ |a Borges, Fábio |0 (orcid)0000-0001-5159-9517 |4 aut
773 08 |i Contained in |t Journal of cryptology |d Springer US, 1988 |g 36(2023), 3, 01 May |w (DE-627)129248827 |w (DE-600)59383-7 |w (DE-576)017944120 |x 0933-2790 |7 nnns
773 18 |g volume:36 |g year:2023 |g number:3 |g day:01 |g month:05
856 41 |u https://doi.org/10.1007/s00145-023-09455-5 |z subscription required |3 Full text
912 __ |a GBV_USEFLAG_A
912 __ |a SYSFLAG_A
912 __ |a GBV_OLC
912 __ |a SSG-OLC-MAT
912 __ |a SSG-OPC-MAT
912 __ |a GBV_ILN_11
912 __ |a GBV_ILN_2018
912 __ |a GBV_ILN_4277
951 __ |a AR
952 __ |d 36 |j 2023 |e 3 |b 01 |c 05
Mai</subfield><subfield code="w">(DE-627)129248827</subfield><subfield code="w">(DE-600)59383-7</subfield><subfield code="w">(DE-576)017944120</subfield><subfield code="x">0933-2790</subfield><subfield code="7">nnns</subfield></datafield><datafield tag="773" ind1="1" ind2="8"><subfield code="g">volume:36</subfield><subfield code="g">year:2023</subfield><subfield code="g">number:3</subfield><subfield code="g">day:01</subfield><subfield code="g">month:05</subfield></datafield><datafield tag="856" ind1="4" ind2="1"><subfield code="u">https://doi.org/10.1007/s00145-023-09455-5</subfield><subfield code="z">lizenzpflichtig</subfield><subfield code="3">Volltext</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_USEFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SYSFLAG_A</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_OLC</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SSG-OLC-MAT</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">SSG-OPC-MAT</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_11</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_2018</subfield></datafield><datafield tag="912" ind1=" " ind2=" "><subfield code="a">GBV_ILN_4277</subfield></datafield><datafield tag="951" ind1=" " ind2=" "><subfield code="a">AR</subfield></datafield><datafield tag="952" ind1=" " ind2=" "><subfield code="d">36</subfield><subfield code="j">2023</subfield><subfield code="e">3</subfield><subfield code="b">01</subfield><subfield code="c">05</subfield></datafield></record></collection>
|
author |
Coutinho, Murilo |
format |
Article |
dewey-ones |
004 - Data processing & computer science |
author_role |
aut aut aut aut aut aut aut |
collection |
OLC |
remote_str |
false |
illustrated |
Not Illustrated |
issn |
0933-2790 |
topic_title |
004 VZ Latin Dances Reloaded: Improved Cryptanalysis Against Salsa and ChaCha, and the Proposal of Forró Differential-linear cryptanalysis ARX ChaCha Salsa Forró |
topic |
ddc 004 misc Differential-linear cryptanalysis misc ARX misc ChaCha misc Salsa misc Forró |
format_facet |
Aufsätze Gedruckte Aufsätze |
format_main_str_mv |
Text Zeitschrift/Artikel |
carriertype_str_mv |
nc |
hierarchy_parent_title |
Journal of cryptology |
hierarchy_parent_id |
129248827 |
dewey-tens |
000 - Computer science, knowledge & systems |
isfreeaccess_txt |
false |
familylinks_str_mv |
(DE-627)129248827 (DE-600)59383-7 (DE-576)017944120 |
title |
Latin Dances Reloaded: Improved Cryptanalysis Against Salsa and ChaCha, and the Proposal of Forró |
ctrlnum |
(DE-627)OLC2144916101 (DE-He213)s00145-023-09455-5-p |
journal |
Journal of cryptology |
lang_code |
eng |
isOA_bool |
false |
dewey-hundreds |
000 - Computer science, information & general works |
recordtype |
marc |
publishDateSort |
2023 |
contenttype_str_mv |
txt |
author_browse |
Coutinho, Murilo Passos, Iago Vásquez, Juan C. Grados Sarkar, Santanu de Mendonça, Fábio L. L. de Sousa, Rafael T. Borges, Fábio |
container_volume |
36 |
class |
004 VZ |
format_se |
Aufsätze |
doi_str_mv |
10.1007/s00145-023-09455-5 |
normlink |
(ORCID)0000-0001-7545-5040 (ORCID)0000-0002-6296-6041 (ORCID)0000-0002-3863-3714 (ORCID)0000-0001-6821-920X (ORCID)0000-0001-7100-7304 (ORCID)0000-0003-1101-3029 (ORCID)0000-0001-5159-9517 |
dewey-full |
004 |
abstract |
Abstract In this paper, we present 4 major contributions to ARX ciphers and in particular, to the Salsa/ChaCha family of stream ciphers: We propose an improved differential-linear distinguisher against ChaCha. To do so, we propose a new way to approach the derivation of linear approximations by viewing the algorithm in terms of simpler subrounds. Using this idea, we show that it is possible to derive almost all linear approximations from previous works from just 3 simple rules. Furthermore, we show that with one extra rule, it is possible to improve the linear approximations proposed by Coutinho and Souza at Eurocrypt 2021 (Coutinho and Neto, in: Canteaut, Standaert (eds) Advances in cryptology—EUROCRYPT 2021—40th annual international conference on the theory and applications of cryptographic techniques, Zagreb, Croatia, October 17–21, 2021, proceedings, Part I. Lecture notes in computer science, vol 12696, Springer, 2021). We propose a technique called Bidirectional Linear Expansions (BLE) to improve attacks against Salsa. While previous works only considered linear expansions moving forward into the rounds, BLE explores the expansion of a single bit in both forward and backward directions. Applying BLE, we propose the first differential-linear distinguishers reaching 7 and 8 rounds of Salsa and we improve Probabilistic Neutral Bit (PNB) key-recovery attacks against 8 rounds of Salsa. At Eurocrypt 2022 (Dey et al in Revamped differential-linear cryptanalysis on reduced round chacha, Springer, 2022), Dey et al. proposed a technique to combine two input–output positions in a PNB attack. In this paper, we generalize this technique for an arbitrary number of input–output positions. Combining this approach with BLE, we are able to improve key recovery attacks against 7 rounds of Salsa. Using all the knowledge acquired studying the cryptanalysis of these ciphers, we propose some modifications in order to provide better diffusion per round and higher resistance to cryptanalysis, leading to a new stream cipher named Forró. We show that Forró has higher security margin; this allows us to reduce the total number of rounds while maintaining the security level, thus creating a faster cipher in many platforms, especially in constrained devices. Finally, we developed CryptDances, a new tool for the cryptanalysis of Salsa, ChaCha, and Forró designed to be used in high performance environments with several GPUs. With CryptDances it is possible to compute differential correlations, to derive new linear approximations for ChaCha automatically, to automate the computation of the complexity of PNB attacks, among other features. We make CryptDances available for the community at https://github.com/murcoutinho/cryptDances. © International Association for Cryptologic Research 2023. Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law. |
collection_details |
GBV_USEFLAG_A SYSFLAG_A GBV_OLC SSG-OLC-MAT SSG-OPC-MAT GBV_ILN_11 GBV_ILN_2018 GBV_ILN_4277 |
container_issue |
3 |
url |
https://doi.org/10.1007/s00145-023-09455-5 |
author2 |
Passos, Iago Vásquez, Juan C. Grados Sarkar, Santanu de Mendonça, Fábio L. L. de Sousa, Rafael T. Borges, Fábio |
ppnlink |
129248827 |
mediatype_str_mv |
n |
hochschulschrift_bool |
false |
up_date |
2024-07-04T01:05:06.223Z |