Heuristic search for non-linear cryptanalytic approximations

In this work, we show that heuristic techniques (particularly Simulated Annealing) can be successfully applied in the search of good non-linear approximations of cryptographic primitives. We also provide some experimental results, including two excellent non-linear approximations for the output of the Salsa20 stream cipher with 2 and 4 rounds. From these two approximations, very efficient distinguishers for Salsa20 could easily be obtained, leading to a much more practical attack that any other published so far against this cipher.