Improved Related-Cipher Attack on Salsa20 Stream Cipher

by: Lin Ding

Format: Article
Published: IEEE 2019-01-01

Description

The Salsa20 stream cipher was designed by Bernstein in 2005 as a candidate for eSTREAM and Salsa20/12 was accepted in the eSTREAM software portfolio in 2008. In this paper, we present an improved related-cipher attack on Salsa20. If a secret key is used in Salsa20/12 and Salsa20/8 with 2 different IVs, we can recover the 256-bit secret key with time complexity of about 2^193.58, which improves the existing attack by a factor of 2^30.42. To the best of our knowledge, this is the best related-cipher attack on Salsa20 so far. Furthermore, we build a binary integer optimization model to search for the best related-cipher attack on Salsa20. The results show that our attack is the best related-cipher attack on Salsa20 in this model.