The Salsa20 Family of Stream Ciphers

Salsa20 is a family of 256-bit stream ciphers designed in 2005 and submitted to eSTREAM, the ECRYPT Stream Cipher Project. Salsa20 has progressed to the third round of eSTREAM without any changes. The 20-round stream cipher Salsa20/20 is consistently faster than AES and is recommended by the designer for typical cryptographic applications. The reduced-round ciphers Salsa20/12 and Salsa20/8 are among the fastest 256-bit stream ciphers available and are recommended for applications where speed is more important than confidence. The fastest known attacks use ≈ 2153simple operations against Salsa20/7, ≈ 2249simple operations against Salsa20/8, and ≈ 2255simple operations against Salsa20/9, Salsa20/10, etc. In this paper, the Salsa20 designer presents Salsa20 and discusses the decisions made in the Salsa20 design.

[1]  Thomas Johansson Fast Software Encryption: 10th International Workshop, FSE 2003, LUND, Sweden, February 24-26, 2003, Revised Papers , 2003 .

[2]  Paul Crowley Truncated differential cryptanalysis of five rounds of Salsa20 , 2005, IACR Cryptol. ePrint Arch..

[3]  Roger M. Needham,et al.  TEA, a Tiny Encryption Algorithm , 1994, FSE.

[4]  Shai Halevi,et al.  MARS - a candidate cipher for AES , 1999 .

[5]  Daniel J. Bernstein,et al.  The Poly1305-AES Message-Authentication Code , 2005, FSE.

[6]  Xuejia Lai,et al.  Markov Ciphers and Differential Cryptanalysis , 1991, EUROCRYPT.

[7]  Daniel J. Bernstein,et al.  Cache-timing attacks on AES , 2005 .

[8]  Aggelos Kiayias,et al.  Traceable Signatures , 2004, EUROCRYPT.

[9]  Bruce Schneier,et al.  Helix: Fast Encryption and Authentication in a Single Cryptographic Primitive , 2003, FSE.

[10]  Helena Handschuh,et al.  Fast Software Encryption: 12th International Workshop, FSE 2005, Paris, France, February 21-23, 2005, Revised Selected Papers , 2005, FSE.

[11]  Elaine B. Barker,et al.  Report on the Development of the Advanced Encryption Standard (AES) , 2001, Journal of research of the National Institute of Standards and Technology.

[12]  Mitsuru Matsui,et al.  On the Power of Bitslice Implementation on Intel Core2 Processor , 2007, CHES.

[13]  Johann Großschädl,et al.  Cryptographic Hardware and Embedded Systems --- CHES 2007 , 2007 .

[14]  Shahram Khazaei,et al.  New Features of Latin Dances: Analysis of Salsa, ChaCha, and Rumba , 2008, FSE.

[15]  Willi Meier,et al.  Non-randomness in eSTREAM Candidates Salsa20 and TSC-4 , 2006, INDOCRYPT.

[16]  B. Preneel Fast Software Encryption: Second International Workshop, Leuven, Belgium, December 14-16, 1994. Proceedings , 1995 .