Book chapter, open access, peer reviewed

On the Salsa20 Core Function

2008; Springer Science+Business Media; Language: English

DOI

10.1007/978-3-540-71039-4_29

ISSN

1611-3349

Authors

Julio Hernández-Castro, Juan Tapiador, Jean-Jacques Quisquater

Topic(s)

Physical Unclonable Functions (PUFs) and Hardware Security

Abstract

In this paper, we point out some weaknesses in the Salsa20 core function that could be exploited to obtain up to 2^31 collisions for its full (20 rounds) version. We first find an invariant for its main building block, the quarterround function, that is then extended to the rowround and columnround functions. This allows us to find an input subset of size 2^32 for which the Salsa20 core behaves exactly as the transformation f(x) = 2x. An attacker can take advantage of this for constructing 2^31 collisions for any number of rounds. We finally show another weakness in the form of a differential characteristic with probability one that proves that the Salsa20 core does not have 2nd preimage resistance.
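The following is an added worked example, not code from the paper or from the Salsa20 authors. It re-implements the Salsa20 core exactly as defined in Bernstein's specification (quarterround, rowround, columnround, and core(x) = x + doubleround^10(x) on sixteen 32-bit words) and then checks the two properties stated in the abstract. Two details are assumptions of this example rather than statements taken from the abstract: the 2^32-element input subset is taken to be the "checkerboard" matrix whose words alternate between A and -A mod 2^32 (each quarterround then sees (A, -A, A, -A) and every sum is zero, so it acts as the identity), and the probability-one differential is taken to be flipping the most significant bit of every word (every modular addition then cancels the two flipped bits). Both are verified by execution below, for any number of rounds, together with the 2^31 collision pairs {A, A + 2^31} that the doubling map produces.

```python
"""Check the Salsa20 core properties from the abstract (added example, not
the paper's code). Assumed (and verified, not quoted from the paper):
  - input subset = checkerboard matrices with words alternating A / -A mod 2^32
  - probability-one differential = flip the top bit of all sixteen words
"""
MASK = 0xFFFFFFFF
TOP_BIT = 1 << 31


def rotl(v, n):
    """32-bit left rotation."""
    return ((v << n) | (v >> (32 - n))) & MASK


def quarterround(y0, y1, y2, y3):
    """Salsa20 quarterround, as in the specification."""
    z1 = y1 ^ rotl((y0 + y3) & MASK, 7)
    z2 = y2 ^ rotl((z1 + y0) & MASK, 9)
    z3 = y3 ^ rotl((z2 + z1) & MASK, 13)
    z0 = y0 ^ rotl((z3 + z2) & MASK, 18)
    return z0, z1, z2, z3


def _apply(words, groups):
    out = [0] * 16
    for idx in groups:
        for i, v in zip(idx, quarterround(*(words[i] for i in idx))):
            out[i] = v
    return out


def rowround(y):
    # Row quarterrounds with the specification's rotated word order.
    return _apply(y, ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14)))


def columnround(x):
    return _apply(x, ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11)))


def salsa20_core(x, rounds=20):
    """core(x) = x + R(x), R = alternating column/row rounds (20 = 10 doublerounds)."""
    z = list(x)
    for r in range(rounds):
        z = columnround(z) if r % 2 == 0 else rowround(z)
    return [(a + b) & MASK for a, b in zip(x, z)]


def checkerboard(a):
    """Assumed invariant subset: word (r, c) is A if r+c is even, else -A mod 2^32."""
    return [a & MASK if (i // 4 + i % 4) % 2 == 0 else (-a) & MASK for i in range(16)]


def core_is_doubling(x, rounds=20):
    """True iff the core acts as f(x) = 2x (word-wise mod 2^32) on this input."""
    return salsa20_core(x, rounds) == [(2 * w) & MASK for w in x]


def collision_pair(a, rounds=20):
    """The doubling map identifies A and A + 2^31: 2A == 2(A + 2^31) mod 2^32.

    Returns the two distinct checkerboard inputs that hash to the same output
    (one of the 2^31 such pairs), or None if the collision does not occur.
    """
    x1, x2 = checkerboard(a), checkerboard((a + TOP_BIT) & MASK)
    if x1 != x2 and salsa20_core(x1, rounds) == salsa20_core(x2, rounds):
        return x1, x2
    return None


def second_preimage(x):
    """Assumed probability-one differential: flip the top bit of every word."""
    return [w ^ TOP_BIT for w in x]


def is_second_preimage(x, rounds=20):
    """True iff core(x') == core(x) for x' = second_preimage(x) != x."""
    x2 = second_preimage(x)
    return x2 != x and salsa20_core(x2, rounds) == salsa20_core(x, rounds)


if __name__ == "__main__":
    # Constructed sample input (arbitrary, not from the paper).
    sample = [(0x9E3779B9 * (i + 1)) & MASK for i in range(16)]
    print("doubling on checkerboard:", core_is_doubling(checkerboard(0x12345678)))
    print("collision pair found:", collision_pair(0xDEADBEEF) is not None)
    print("2nd preimage on arbitrary input:", is_second_preimage(sample))
```

The sanity check a practitioner should run before trusting such a re-implementation is the specification's own test vector quarterround(1, 0, 0, 0) = (0x08008145, 0x80, 0x10200, 0x20500000); the doubling and second-preimage checks only mean something once that passes. Note also that the doubling property is specific to the checkerboard subset: an input such as (1, 0, ..., 0) is not doubled even after a single round.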
