Rotational analysis of ChaCha permutation

by Stefano Barbero, et al.

We show that the underlying permutation of the ChaCha20 stream cipher does not behave as a random permutation for up to 17 rounds with respect to rotational cryptanalysis. In particular, we derive a lower and an upper bound for the rotational probability through the ChaCha quarter round, and we show how to extend the bound to a full round and then to the full permutation. The obtained bounds show that the probability of finding what we call a parallel rotational collision is, for example, less than 2^-488 for 17 rounds of the ChaCha permutation, while for a random permutation of the same input size this probability is 2^-511. We remark that our distinguisher is not an attack on the ChaCha20 stream cipher, but rather a theoretical analysis of its internal permutation from the point of view of rotational cryptanalysis.
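As an illustration of the quantity the abstract bounds, the following added example (not code from the paper or its authors) measures how often a rotational relation survives one ChaCha quarter round. It assumes the standard notion of a rotational pair, where every 32-bit word is rotated left by the same amount r; the paper's own definition of a parallel rotational collision and its bounds are not reproduced here. All function names are hypothetical, and the random inputs are constructed from a fixed seed.

```python
import random

MASK = 0xFFFFFFFF  # ChaCha operates on 32-bit words

def rotl(x, r, n=32):
    """Rotate the n-bit word x left by r bits."""
    r %= n
    return ((x << r) | (x >> (n - r))) & ((1 << n) - 1)

def quarter_round(a, b, c, d):
    """ChaCha quarter round as specified in RFC 8439, section 2.1."""
    a = (a + b) & MASK; d = rotl(d ^ a, 16)
    c = (c + d) & MASK; b = rotl(b ^ c, 12)
    a = (a + b) & MASK; d = rotl(d ^ a, 8)
    c = (c + d) & MASK; b = rotl(b ^ c, 7)
    return a, b, c, d

def addition_rotational_count(n, r):
    """Exhaustively count n-bit pairs with rotl(x + y) == rotl(x) + rotl(y)."""
    m = (1 << n) - 1
    return sum(
        rotl((x + y) & m, r, n) == ((rotl(x, r, n) + rotl(y, r, n)) & m)
        for x in range(1 << n) for y in range(1 << n)
    )

def quarter_round_rotational_rate(r, samples, seed=1):
    """Monte Carlo estimate of Pr[QR(rot(x)) == rot(QR(x))], x uniform."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable inputs
    hits = 0
    for _ in range(samples):
        x = [rng.getrandbits(32) for _ in range(4)]
        rotated_in = quarter_round(*(rotl(w, r) for w in x))
        rotated_out = tuple(rotl(w, r) for w in quarter_round(*x))
        hits += rotated_in == rotated_out
    return hits / samples

if __name__ == "__main__":
    n, r = 8, 1
    # XOR and rotation preserve a rotational relation; modular addition
    # does so only with the probability given by this closed form.
    exact = addition_rotational_count(n, r) / 4 ** n
    formula = (1 + 2.0 ** (r - n) + 2.0 ** -r + 2.0 ** -n) / 4
    print(f"one {n}-bit addition, r={r}: exact {exact:.6f}, formula {formula:.6f}")
    rate = quarter_round_rotational_rate(r=1, samples=50_000)
    print(f"32-bit quarter round, r=1: empirical rate {rate:.5f}")
    # Heuristic only: the four additions in a quarter round are not independent.
    print(f"four independent additions would give about {0.375 ** 4:.5f}")
```

The gap between the empirical rate and the independence heuristic is why bounds for the quarter round have to be derived rather than multiplied out addition by addition.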




