On the Salsa20 Core Function

@inproceedings{Castro2008OnTS,
  title={On the Salsa20 Core Function},
  author={Julio C{\'e}sar Hern{\'a}ndez Castro and Juan E. Tapiador and Jean-Jacques Quisquater},
  booktitle={FSE},
  year={2008}
}
In this paper, we point out some weaknesses in the Salsa20 core function that could be exploited to obtain up to 2 collisions for its full (20 rounds) version. We first find an invariant for its main building block, the quarterround function, that is then extended to the rowround and columnround functions. This allows us to find an input subset of size 2 for which the Salsa20 core behaves exactly as the transformation f(x) = 2x. An attacker can take advantage of this for constructing 2…
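The following check is an added example, not code from the paper. It implements the word-level Salsa20 core from the public specification and verifies a quarterround invariant of the kind the abstract describes: the input (Z, -Z, Z, -Z) is a fixed point, so a 4x4 state filled with that checkerboard pattern passes unchanged through every columnround and rowround, and the final feed-forward addition doubles it. The helper names (`checkerboard`, `_apply`) and the sample values of Z are assumptions chosen for illustration.

```python
MASK = 0xFFFFFFFF  # all arithmetic is on 32-bit words

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def quarterround(y0, y1, y2, y3):
    z1 = y1 ^ rotl((y0 + y3) & MASK, 7)
    z2 = y2 ^ rotl((z1 + y0) & MASK, 9)
    z3 = y3 ^ rotl((z2 + z1) & MASK, 13)
    z0 = y0 ^ rotl((z3 + z2) & MASK, 18)
    return z0, z1, z2, z3

# Word indices fed to each quarterround, as in the Salsa20 specification.
ROWS = [(0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)]
COLS = [(0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11)]

def _apply(state, groups):
    out = list(state)
    for g in groups:
        for i, v in zip(g, quarterround(*(state[i] for i in g))):
            out[i] = v
    return out

def rowround(state):
    return _apply(state, ROWS)

def columnround(state):
    return _apply(state, COLS)

def salsa20_core(x):
    """20 rounds (10 doublerounds) followed by the feed-forward addition."""
    z = list(x)
    for _ in range(10):
        z = rowround(columnround(z))
    return [(a + b) & MASK for a, b in zip(x, z)]

def checkerboard(z):
    """16-word state holding Z where row+col is even and -Z (mod 2^32) elsewhere."""
    return [z if (i // 4 + i % 4) % 2 == 0 else (-z) & MASK for i in range(16)]

if __name__ == "__main__":
    Z = 0x12345678  # constructed sample value
    x = checkerboard(Z)
    print("quarterround fixed point:", quarterround(*x[:4]) == tuple(x[:4]))
    print("core(x) == 2x:", salsa20_core(x) == [(2 * w) & MASK for w in x])
    # Doubling discards the top bit of each word, so Z and Z ^ 2^31 share an output.
    print("same output:", salsa20_core(x) == salsa20_core(checkerboard(Z ^ 0x80000000)))
```

The collision shown concerns the core function used as a standalone compression function; in the stream cipher the fixed diagonal constants keep the state outside this input subset.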
