Computer Engineering & Science
Differential Fault Analysis of Salsa20
Received date: 2010-06-17
Revised date: 2010-10-08
Online published: 2011-03-25
Salsa20 is one of the finalists of the eSTREAM project. Its main feature is the use of ARX operations (i.e. addition, rotation, and XOR on 32-bit words) to achieve good confusion and diffusion. At present, many of the cryptanalytic results on it come from statistical cryptanalysis and differential cryptanalysis. In this paper, we further investigate a differential fault analysis of Salsa20/256. Under a random word fault model, inducing 96 faults allows 186 bits of the key to be recovered with a probability close to 1. Accordingly, the complexity of recovering the full key of Salsa20/256 can be reduced to 2^70, which implies that Salsa20/256 is sensitive to differential fault analysis.
SHEN Yancheng, XIE Duanqiang, LI Chao. Differential Fault Analysis of Salsa20[J]. Computer Engineering & Science, 2011, 33(3): 7-12. DOI: 10.3969/j.issn.1007130X.2011.