Non-randomness in eSTREAM Candidates Salsa20 and TSC-4

@inproceedings{Fischer2006NonrandomnessIE,
  title={Non-randomness in eSTREAM Candidates Salsa20 and TSC-4},
  author={Simon Fischer and Willi Meier and C{\^o}me Berbain and Jean-François Biasse and Matthew J. B. Robshaw},
  booktitle={INDOCRYPT},
  year={2006}
}
Stream cipher initialisation should ensure that the initial state or keystream is not detectably related to the key and initialisation vector. In this paper we analyse the key/IV setup of the eSTREAM Phase 2 candidates Salsa20 and TSC-4. In the case of Salsa20 we demonstrate a key recovery attack on six rounds and observe non-randomness after seven. For TSC-4, non-randomness over the full eight-round initialisation phase is detected, but would also persist for more rounds. 
This paper has 40 citations.