
Salsa20



Salsa20 is a stream cipher submitted to eSTREAM by Daniel Bernstein. It is built on a pseudorandom function based on 32-bit addition, bitwise addition (XOR) and rotation operations, which maps a 256-bit key, a 64-bit nonce, and a 64-bit stream position to a 512-bit output; this gives Salsa20 the unusual advantage that the user can efficiently seek to any position in the output stream. It offers speeds of around 8-14 cycles/byte in software on modern x86 processors, and reasonable hardware performance. It is not patented, and Bernstein has written several public domain implementations optimized for common architectures.

Internally, the cipher uses bitwise addition (exclusive OR), 32-bit addition mod 2^32, and constant-distance rotation operations on an internal state of 16 32-bit words. This choice of operations avoids the possibility of timing attacks in software implementations.

Salsa20 performs 20 rounds of mixing on its input; however, reduced round variants Salsa20/8 and Salsa20/12 using 8 and 12 rounds respectively have also been introduced. These variants were introduced to complement the original Salsa20, not to replace it, and perform even better in the eSTREAM benchmarks than the already competitive Salsa20.

As of 2005, no cryptanalytic attacks against Salsa20 have been recognised. The best result known breaks five of Salsa20's twenty rounds with differential cryptanalysis; this attack won the US$1000 prize offered by Bernstein in May 2005 for "most interesting Salsa20 cryptanalysis".

Li An-Ping (author of the eSTREAM entrant DICING) has made two attempts to attack the cipher with linear cryptanalysis, but his claims have not been accepted, drawing only strong criticism from Bernstein and skepticism from others.

Salsa20 has been selected as Phase 2 Focus design for Profile 1 (software) and as a Phase 2 design for Profile 2 (hardware) by the eSTREAM project.



From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License. See Wikipedia Copyrights for details.
