Title: Theoretical analysis of biases in TLS encryption scheme Chacha 128

Authors: S.K. Karthika; Kunwar Singh

Addresses: Department of Computer Science and Engineering, National Institute of Technology, Tiruchirappalli, Tamilnadu, India ' Department of Computer Science and Engineering, National Institute of Technology, Tiruchirappalli, Tamilnadu, India

Abstract: Chacha is a software-oriented stream cipher designed by Bernstein (2008). Chacha is a Salsa variant that is eSTREAM project's finalist candidate. Google added Chacha and a message authentication code to their transport layer security (TLS) and datagram TLS (DTLS) protocols in 2016. Chacha has become an area of interest for cryptanalysis since its adoption by Google. Almost all the existing cryptanalysis is experimental. Experimental cryptanalysis identifies vulnerable areas of a cipher, whereas theoretical analysis helps in the development of possible countermeasures. Differential cryptanalysis is a cryptanalytic technique that helps in discovering distinguishers on stream ciphers. Recently, Dey and Sarkar (2021) have theoretically explored the reason behind distinguishers in Salsa and Chacha 256 stream cipher. Motivated by this work, we have theoretically analysed differential attacks on Chacha 128 (Chacha 256 variant) up to four rounds and we have the bias probabilities. Our theoretical analysis results match the experimental results.

Keywords: transport layer security; stream cipher; Chacha; theoretical analysis; differential cryptanalysis.

DOI: 10.1504/IJAHUC.2023.127765

International Journal of Ad Hoc and Ubiquitous Computing, 2023 Vol.42 No.1, pp.47 - 58

Received: 06 Dec 2021
Accepted: 18 Mar 2022
Published online: 16 Dec 2022 *