The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. ex. Some numerals are expressed as "XNUMX".
Copyrights notice
The original paper is in English. Non-English content has been machine-translated and may contain typographical errors or mistranslations. Copyrights notice
이 문서에서는 Salsa20 및 ChaCha 스트림 암호에 대한 기존 암호 분석 접근 방식에 대한 중요한 개선 사항을 소개합니다. 처음으로 우리는 Salsa20/8의 공격 복잡성을 가능한 최저 마진으로 줄였습니다. ChaCha7.25에 대한 공격을 도입했습니다. ChaCha7.25/20에 대한 첫 번째 공격입니다. 우리의 접근 방식에서는 PNB(확률적 중립 비트)에 대한 포괄적인 분석을 기반으로 Salsa20 및 ChaCha 스트림 암호의 차등 암호 분석을 연구했습니다. Salsa20 및 ChaCha 스트림 암호에 대한 기존 차등 암호 분석 접근법은 먼저 특정 입력 및 출력 차등 위치에서 차등 편향을 연구한 다음 다음을 검색합니다. 확률적 중립 비트. 그러나 이 방법으로 얻은 차등 바이어스와 PNB 세트가 암호에 대한 공격을 수행하는 데 항상 이상적인 조합은 아닙니다. 연구자들은 Salsa20 및 ChaCha 스트림 암호의 가능한 모든 내부 라운드에서 가능한 모든 출력 차이 위치와 관련된 모든 키 비트의 확률적 중립성 측정에 대한 포괄적인 분석에 초점을 맞추지 않았습니다. 더욱이 중립성 척도와 역쿼터 라운드 수 사이의 관계는 아직 면밀히 조사되지 않았습니다. 이러한 학습 공백을 해결하기 위해 우리는 다음을 연구합니다. 확률론적 중립비트 종합분석을 기반으로 한 차등암호분석 축소 라운드 Salsa20 및 ChaCha에서. 먼저 256개 키 비트 위치의 중립성 측정을 종합적으로 분석합니다. 그런 다음, 평균 중립성 측정이 가장 좋은 출력 차이 비트 위치를 선택하고 차동 바이어스가 가장 좋은 해당 입력 차동을 찾습니다. 모든 측면을 고려하여 우리는 시간 복잡도가 20인 Salsa8/2에 대한 공격을 제시합니다.241.62 데이터 복잡성은 2입니다.31.5이는 Salsa20/8에 대한 가장 잘 알려진 단일 비트 차등 공격이며, 시간 복잡도가 7.25인 ChaCha2 라운드에 대한 공격을 도입했습니다.254.011 데이터 복잡성은 2입니다.51.81.
Nasratullah GHAFOORI
Osaka University
Atsuko MIYAJI
Osaka University
Ryoma ITO
National Institute of Information and Communications Technology
Shotaro MIYASHITA
Osaka University
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
부
Nasratullah GHAFOORI, Atsuko MIYAJI, Ryoma ITO, Shotaro MIYASHITA, "PNB Based Differential Cryptanalysis of Salsa20 and ChaCha" in IEICE TRANSACTIONS on Information,
vol. E106-D, no. 9, pp. 1407-1422, September 2023, doi: 10.1587/transinf.2022ICP0015.
Abstract: This paper introduces significant improvements over the existing cryptanalysis approaches on Salsa20 and ChaCha stream ciphers. For the first time, we reduced the attack complexity on Salsa20/8 to the lowest possible margin. We introduced an attack on ChaCha7.25. It is the first attack of its type on ChaCha7.25/20. In our approach, we studied differential cryptanalysis of the Salsa20 and ChaCha stream ciphers based on a comprehensive analysis of probabilistic neutral bits (PNBs). The existing differential cryptanalysis approaches on Salsa20 and ChaCha stream ciphers first study the differential bias at specific input and output differential positions and then search for probabilistic neutral bits. However, the differential bias and the set of PNBs obtained in this method are not always the ideal combination to conduct the attack against the ciphers. The researchers have not focused on the comprehensive analysis of the probabilistic neutrality measure of all key bits concerning all possible output difference positions at all possible internal rounds of Salsa20 and ChaCha stream ciphers. Moreover, the relationship between the neutrality measure and the number of inverse quarter rounds has not been scrutinized yet. To address these study gaps, we study the differential cryptanalysis based on the comprehensive analysis of probabilistic neutral bits on the reduced-round Salsa20 and ChaCha. At first, we comprehensively analyze the neutrality measure of 256 key bits positions. Afterward, we select the output difference bit position with the best average neutrality measure and look for the corresponding input differential with the best differential bias. Considering all aspects, we present an attack on Salsa20/8 with a time complexity of 2241.62 and data complexity of 231.5, which is the best-known single bit differential attack on Salsa20/8 and then, we introduced an attack on ChaCha7.25 rounds with a time complexity of 2254.011 and data complexity of 251.81.
URL: https://global.ieice.org/en_transactions/information/10.1587/transinf.2022ICP0015/_p
부
@ARTICLE{e106-d_9_1407,
author={Nasratullah GHAFOORI, Atsuko MIYAJI, Ryoma ITO, Shotaro MIYASHITA, },
journal={IEICE TRANSACTIONS on Information},
title={PNB Based Differential Cryptanalysis of Salsa20 and ChaCha},
year={2023},
volume={E106-D},
number={9},
pages={1407-1422},
abstract={This paper introduces significant improvements over the existing cryptanalysis approaches on Salsa20 and ChaCha stream ciphers. For the first time, we reduced the attack complexity on Salsa20/8 to the lowest possible margin. We introduced an attack on ChaCha7.25. It is the first attack of its type on ChaCha7.25/20. In our approach, we studied differential cryptanalysis of the Salsa20 and ChaCha stream ciphers based on a comprehensive analysis of probabilistic neutral bits (PNBs). The existing differential cryptanalysis approaches on Salsa20 and ChaCha stream ciphers first study the differential bias at specific input and output differential positions and then search for probabilistic neutral bits. However, the differential bias and the set of PNBs obtained in this method are not always the ideal combination to conduct the attack against the ciphers. The researchers have not focused on the comprehensive analysis of the probabilistic neutrality measure of all key bits concerning all possible output difference positions at all possible internal rounds of Salsa20 and ChaCha stream ciphers. Moreover, the relationship between the neutrality measure and the number of inverse quarter rounds has not been scrutinized yet. To address these study gaps, we study the differential cryptanalysis based on the comprehensive analysis of probabilistic neutral bits on the reduced-round Salsa20 and ChaCha. At first, we comprehensively analyze the neutrality measure of 256 key bits positions. Afterward, we select the output difference bit position with the best average neutrality measure and look for the corresponding input differential with the best differential bias. Considering all aspects, we present an attack on Salsa20/8 with a time complexity of 2241.62 and data complexity of 231.5, which is the best-known single bit differential attack on Salsa20/8 and then, we introduced an attack on ChaCha7.25 rounds with a time complexity of 2254.011 and data complexity of 251.81.},
keywords={},
doi={10.1587/transinf.2022ICP0015},
ISSN={1745-1361},
month={September},}
부
TY - JOUR
TI - PNB Based Differential Cryptanalysis of Salsa20 and ChaCha
T2 - IEICE TRANSACTIONS on Information
SP - 1407
EP - 1422
AU - Nasratullah GHAFOORI
AU - Atsuko MIYAJI
AU - Ryoma ITO
AU - Shotaro MIYASHITA
PY - 2023
DO - 10.1587/transinf.2022ICP0015
JO - IEICE TRANSACTIONS on Information
SN - 1745-1361
VL - E106-D
IS - 9
JA - IEICE TRANSACTIONS on Information
Y1 - September 2023
AB - This paper introduces significant improvements over the existing cryptanalysis approaches on Salsa20 and ChaCha stream ciphers. For the first time, we reduced the attack complexity on Salsa20/8 to the lowest possible margin. We introduced an attack on ChaCha7.25. It is the first attack of its type on ChaCha7.25/20. In our approach, we studied differential cryptanalysis of the Salsa20 and ChaCha stream ciphers based on a comprehensive analysis of probabilistic neutral bits (PNBs). The existing differential cryptanalysis approaches on Salsa20 and ChaCha stream ciphers first study the differential bias at specific input and output differential positions and then search for probabilistic neutral bits. However, the differential bias and the set of PNBs obtained in this method are not always the ideal combination to conduct the attack against the ciphers. The researchers have not focused on the comprehensive analysis of the probabilistic neutrality measure of all key bits concerning all possible output difference positions at all possible internal rounds of Salsa20 and ChaCha stream ciphers. Moreover, the relationship between the neutrality measure and the number of inverse quarter rounds has not been scrutinized yet. To address these study gaps, we study the differential cryptanalysis based on the comprehensive analysis of probabilistic neutral bits on the reduced-round Salsa20 and ChaCha. At first, we comprehensively analyze the neutrality measure of 256 key bits positions. Afterward, we select the output difference bit position with the best average neutrality measure and look for the corresponding input differential with the best differential bias. Considering all aspects, we present an attack on Salsa20/8 with a time complexity of 2241.62 and data complexity of 231.5, which is the best-known single bit differential attack on Salsa20/8 and then, we introduced an attack on ChaCha7.25 rounds with a time complexity of 2254.011 and data complexity of 251.81.
ER -