Article: Analysing theoretical and neural distinguishers in Salsa 128 bits Journal: International Journal of Ad Hoc and Ubiquitous Computing (IJAHUC) 2025 Vol.49 No.1 pp.43 - 59 Abstract: One of the finalists for the eSTREAM projects in 2005 was Salsa, created by Daniel J. Bernstein. Salsa is a widely recognised stream cipher that gained prominence after multiple cryptanalytic techniques were applied to the popular stream cipher RC4. Salsa offers two variations, with key sizes of 128 bits and 256 bits, depending on the seed key's length. Salsa has undergone multiple key recovery attacks, particularly targeting the 256-bit variant, reaching up to its eighth round. Additionally, numerous experimental attacks have been conducted on Salsa, leaving room for further theoretical analysis. Theoretical analysis plays a crucial role in identifying vulnerable aspects of the cipher, enabling the design of stronger ciphers that are resistant to attacks. In a study by Dey and Sarkar (2021), they conducted a theoretical analysis to examine the origins of distinguishers found in experimental attacks on Salsa 256 bits and Chacha 256 bits. Inspired by their work, our paper focuses on the theoretical analysis of a differential attack on Salsa 128 bits, specifically up to four rounds. We mathematically established the probabilities of various observations and our theoretical analysis aligns with the experimental findings for Salsa 128 bits. Further, we have also found neural distinguisher for Salsa 128 bits based on the model proposed by Gohr (2019) in CRYPTO 2019. The designed model has found neural distinguishers at round 4 with 72.1% accuracy. Inderscience Publishers - linking academia, business and industry through research

Title: Analysing theoretical and neural distinguishers in Salsa 128 bits

Authors: S.K. Karthika; Kunwar Singh

Addresses: Department of Computer Science and Engineering, Vellore Institute of Technology, Chennai, Tamilnadu, India ' Department of Computer Science and Engineering, National Institute of Technology, Tiruchirappalli, Tamilnadu, India

Abstract: One of the finalists for the eSTREAM projects in 2005 was Salsa, created by Daniel J. Bernstein. Salsa is a widely recognised stream cipher that gained prominence after multiple cryptanalytic techniques were applied to the popular stream cipher RC4. Salsa offers two variations, with key sizes of 128 bits and 256 bits, depending on the seed key's length. Salsa has undergone multiple key recovery attacks, particularly targeting the 256-bit variant, reaching up to its eighth round. Additionally, numerous experimental attacks have been conducted on Salsa, leaving room for further theoretical analysis. Theoretical analysis plays a crucial role in identifying vulnerable aspects of the cipher, enabling the design of stronger ciphers that are resistant to attacks. In a study by Dey and Sarkar (2021), they conducted a theoretical analysis to examine the origins of distinguishers found in experimental attacks on Salsa 256 bits and Chacha 256 bits. Inspired by their work, our paper focuses on the theoretical analysis of a differential attack on Salsa 128 bits, specifically up to four rounds. We mathematically established the probabilities of various observations and our theoretical analysis aligns with the experimental findings for Salsa 128 bits. Further, we have also found neural distinguisher for Salsa 128 bits based on the model proposed by Gohr (2019) in CRYPTO 2019. The designed model has found neural distinguishers at round 4 with 72.1% accuracy.

Keywords: stream cipher; Salsa; cryptanalysis; differential attack; theoretical analysis; deep learning.

DOI: 10.1504/IJAHUC.2025.146120

International Journal of Ad Hoc and Ubiquitous Computing, 2025 Vol.49 No.1, pp.43 - 59

Received: 03 Aug 2023
Accepted: 28 Oct 2024
Published online: 07 May 2025 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Analysing theoretical and neural distinguishers in Salsa 128 bits

Keep up-to-date