paper
title
Non-randomness in eSTREAM Candidates Salsa20 and TSC-4.
authors
Simon Fischer, Willi Meier, Côme Berbain, Jean-François Biasse, Matt Robshaw.
publication
In R. Barua and T. Lange, editors, Progress in Cryptology - INDOCRYPT 2006, 7th International Conference on Cryptology in India, Kolkata, India, December 11-13, 2006. Proceedings, volume 4329 of Lecture Notes in Computer Science, pages 2-16. Springer-Verlag, 2006.
abstract
Stream cipher initialisation should ensure that the initial state or keystream is not detectably related to the key and initialisation vector. In this paper we analyze the key/IV setup of the eSTREAM Phase 2 candidates Salsa20 and TSC-4. In the case of Salsa20 we demonstrate a key recovery attack on six rounds and observe non-randomness after seven. For TSC-4, non-randomness over the full eight-round initialisation phase is detected, but would also persist for more rounds.