ROTATIONAL ANALYSIS OF CHACHA PERMUTATION

Cited by: 5
Authors
Barbero, Stefano [1 ]
Bellini, Emanuele [2 ]
Makarim, Rusydi H. [2 ]
Affiliations
[1] Politecn Torino, Dept Math, Turin, Italy
[2] Technol Innovat Inst, Cryptog Res Ctr, Abu Dhabi, U Arab Emirates
Keywords
ChaCha20; Stream Cipher; Rotational cryptanalysis; Permutation; Distinguisher;
DOI
10.3934/amc.2021057
CLC classification number
TP301 [Theory, methods];
Discipline code
081202;
Abstract
We show that the underlying permutation of the ChaCha20 stream cipher does not behave as a random permutation for up to 17 rounds with respect to rotational cryptanalysis. In particular, we derive a lower and an upper bound for the rotational probability through the ChaCha quarter round, and we show how to extend the bound to a full round and then to the full permutation. The obtained bounds show that the probability of finding what we call a parallel rotational collision is, for example, less than 2^-505 for 17 rounds of the ChaCha permutation, while for a random permutation of the same input size this probability is 2^-511. We remark that our distinguisher is not an attack against the ChaCha20 stream cipher, but rather a theoretical analysis of its internal permutation from the point of view of rotational cryptanalysis. Whenever possible, our claims are supported by experiments.
Pages: 1422 / 1439
Page count: 18