Salsa and ChaCha! This is no Dance!

Computers and other smart devices are constantly exposed to attack, and encryption is one of the main tools for protecting them: data encrypted with a strong cipher cannot be read by an attacker who gets hold of it without the key.

Cryptanalysis is the study of how ciphers can be broken. Experts in this field study ciphers, which are algorithms, that is, precise sequences of instructions a machine follows, that transform data so that only those holding the right key can read it. Cryptanalysis asks whether a cipher can be defeated faster than by trying every possible key. This matters because finding a weakness ourselves, and fixing or retiring the cipher, is far better than waiting for an attacker to find it first.

Symmetric key ciphers use the same secret key for both encryption and decryption, decryption being the reverse operation that recovers the original message from the ciphertext. The authors of this paper, Prof. Sabyasachi Dey, Department of Mathematics, Birla Institute of Technology and Science Pilani, Hyderabad, and Prof. Santanu Sarkar, Department of Mathematics, IIT Madras, stress the importance of a theoretical understanding of how an algorithm is attacked using distinguishers: statistical tests that tell a cipher's output apart from truly random data.

The paper studies Salsa and ChaCha, two software-oriented stream ciphers, and gives a theoretical analysis supporting attacks on reduced-round versions of them: 8-round Salsa and 7-round ChaCha (as opposed to the full 20-round versions). A stream cipher is a symmetric key cipher that expands the key and a nonce into a long pseudorandom keystream, which is combined with the plaintext, usually bit by bit with XOR; applying the same keystream again decrypts.

Salsa and ChaCha were designed by D. J. Bernstein in 2005 and 2008 respectively. ChaCha combined with the message authentication code Poly1305 was deployed by Google in TLS, the protocol that secures web traffic, and the combination was standardised as a TLS cipher suite in 2016. Adopting it improved both the security and the performance of traffic from the Chrome browser on mobile devices to Google's websites. Mozilla's Firefox browser has also adopted the combination in its network security stack.

The authors stress that theoretical understanding is needed to explain any phenomenon in cryptanalysis. Distinguishers play a central role in the cryptanalysis of these two ciphers, yet until now they rested only on experimental observation: a difference was introduced in the input, a bias was measured in some output bit, and why the bias arose was not explained. The authors study these distinguishers in depth and give the mechanism by which an input difference propagates through the rounds of the ciphers to the output. This should also give a better idea of whether stronger distinguishers can be constructed for these ciphers, an interesting line of future research.
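To make the notion of a differential distinguisher concrete, here is an added example; it is not code from the paper, nor Bernstein's reference implementation. It builds reduced-round ChaCha on the RFC 7539 state layout and scans how a single-bit difference injected into one IV word propagates: for many random key/nonce pairs it measures, for every state bit after r rounds, the bias eps = 2·Pr[difference bit = 0] − 1. The input difference (word 13, bit 13) and the round counts used are illustrative choices of this example, not the differences or results of the paper.

```python
"""Reduced-round ChaCha and a single-bit differential bias scan.

Added example, not code from the paper or from Bernstein's implementation.
State layout and the 20-round block function follow RFC 7539.  The round
counting for the reduced-round scan (round 1 = column round, round 2 =
diagonal round, ...) follows the cryptanalysis literature.  The input
difference used in the demo run is an illustrative choice.
"""
import random
import struct

MASK = 0xFFFFFFFF

def rotl32(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def quarter_round(s, a, b, c, d):
    """In-place ChaCha quarter round on state words a, b, c, d."""
    s[a] = (s[a] + s[b]) & MASK; s[d] = rotl32(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = rotl32(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = rotl32(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = rotl32(s[b] ^ s[c], 7)

COLUMNS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15)]
DIAGONALS = [(0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]

def chacha_rounds(state, rounds):
    """Copy of `state` after `rounds` ChaCha rounds, without feed-forward.
    Odd rounds are column rounds, even rounds diagonal rounds; 20 rounds is
    the full ChaCha20 core and r < 20 the reduced-round variant."""
    s = list(state)
    for r in range(1, rounds + 1):
        for (a, b, c, d) in (COLUMNS if r % 2 else DIAGONALS):
            quarter_round(s, a, b, c, d)
    return s

def initial_state(key, counter, nonce):
    """RFC 7539 state: 4 constants, 8 key words, block counter, 3 nonce words."""
    assert len(key) == 32 and len(nonce) == 12
    const = struct.unpack("<4I", b"expand 32-byte k")
    return list(const) + list(struct.unpack("<8I", key)) \
        + [counter & MASK] + list(struct.unpack("<3I", nonce))

def chacha20_block(key, counter, nonce):
    """Full ChaCha20 block: 20 rounds plus feed-forward, serialised little-endian."""
    x = initial_state(key, counter, nonce)
    z = chacha_rounds(x, 20)
    return struct.pack("<16I", *[(a + b) & MASK for a, b in zip(x, z)])

def differential_bias_scan(rounds, in_word, in_bit, samples=2000, seed=1):
    """Inject a one-bit difference at (in_word, in_bit) of the initial state
    and, over random key/counter/nonce inputs, measure for every state bit
    after `rounds` rounds the bias eps = 2*Pr[diff bit == 0] - 1.
    eps = -1: the output bit always flips; eps = +1: it never does; eps near
    0: no usable distinguisher at this sample size.  In the attack model the
    attacker controls words 12..15 (counter/nonce) and not the key, so the
    injected difference normally goes in one of those words; the bias is
    averaged over random keys.  Returns a 16 x 32 table of eps values."""
    rng = random.Random(seed)
    zero_counts = [[0] * 32 for _ in range(16)]
    for _ in range(samples):
        key = rng.getrandbits(256).to_bytes(32, "little")
        nonce = rng.getrandbits(96).to_bytes(12, "little")
        x = initial_state(key, rng.getrandbits(32), nonce)
        x2 = list(x)
        x2[in_word] ^= 1 << in_bit
        out, out2 = chacha_rounds(x, rounds), chacha_rounds(x2, rounds)
        for w in range(16):
            d = out[w] ^ out2[w]
            for bit in range(32):
                zero_counts[w][bit] += ((d >> bit) & 1) ^ 1
    return [[2.0 * zero_counts[w][bit] / samples - 1.0 for bit in range(32)]
            for w in range(16)]

def top_biases(table, k=3):
    """The k most biased (word, bit, eps) entries, largest |eps| first."""
    entries = [(w, bit, table[w][bit]) for w in range(16) for bit in range(32)]
    return sorted(entries, key=lambda e: -abs(e[2]))[:k]

if __name__ == "__main__":
    # Illustrative run: difference in IV word 13, bit 13, observed after 3
    # rounds.  Biases smaller than about 1/sqrt(samples) are sampling noise,
    # so raise `samples` to resolve the small biases seen at more rounds.
    table = differential_bias_scan(rounds=3, in_word=13, in_bit=13, samples=4000)
    for w, bit, eps in top_biases(table, 3):
        print(f"3 rounds: output bit ({w},{bit}) bias {eps:+.3f}")
```

After one column round the difference is still confined to the column containing word 13, and a few output bits flip with certainty (eps exactly −1) while untouched words show eps exactly +1; after a handful of rounds every bit is affected and only small biases remain, which is exactly what a distinguisher exploits and what the paper sets out to explain rather than merely measure.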

Prof. Subhamoy Maitra, Professor and Head, Applied Statistics Unit, Indian Statistical Institute, Kolkata, reminisced and appreciated the efforts of the two mathematicians by giving the following comments: “We are working on stream cipher cryptanalysis for quite some time that has been initiated in Indian Statistical Institute Kolkata around 1997. Santanu joined us a decade later, and his PhD under my supervision was in the broad area of public key cryptanalysis. However, he also collaborated in stream cipher cryptanalysis and together we could show certain results on RC4 stream cipher that had serious implications in making the famous cipher replaced from the application domain. In replacing RC4, a family of software stream ciphers (2008, ARX based, with names borrowed from Latin Dances 😉 was being studied, proposed by the famous cryptologist Daniel J. Bernstein). Among them ChaCha has been accepted as a standard later (2014). From the initial design itself, we were working on cryptanalysis (this does not mean complete break, but implies weaknesses on reduced versions to analyze the strength) of this family. After joining IIT Madras, Santanu independently studied this domain with his research collaborators and produced very interesting results. The present work under discussion theoretically justifies certain experimental observations that took quite some time to understand properly. While this work does not imply any security threat on the cipher, it helps in theoretically understanding the design in a more structured manner. I believe more results in this direction will follow from Santanu’s group.”

Article by Akshay Anantharaman
Here is the original link to the paper:

