Extending the Salsa20 nonce

Extending the Salsa20 nonce

Cached

Download Links

by Daniel J. Bernstein

BibTeX

@MISC{Bernstein_extendingthe,
    author = {Daniel J. Bernstein},
    title = {Extending the Salsa20 nonce},
    year = {}
}

Bookmark

OpenURL

Abstract

Abstract. This paper introduces the XSalsa20 stream cipher. XSalsa20 is based upon the Salsa20 stream cipher but has a much longer nonce: 192 bits instead of 64 bits. XSalsa20 has exactly the same streaming speed as Salsa20, and its extra nonce-setup cost is slightly smaller than the cost of generating one block of Salsa20 output. This paper proves that XSalsa20 is secure if Salsa20 is secure: any successful fast attack on XSalsa20 can be converted into a successful fast attack on Salsa20.

Citations

163	The security of the cipher block chaining message authentication code - Bellare, Kilian, et al.
137	The security of cipher block chaining - Bellare, Kilian, et al. - 1994
79	Pseudorandom Functions Revisited: The Cascade Construction and its Concrete Security - Bellare, Canetti, et al. - 1996
46	A block-cipher mode of operation for parallelizable message authentication - Black, Rogaway - 2002
24	UMAC: Message authentication code using universal hashing - Krovetz
20	Indistinguishability of random systems - Maurer - 2002
18	How to stretch random functions: the security of protected counter sums - Bernstein - 1999
16	Stronger Security Bounds for Wegman-Carter-Shoup Authenticators - Bernstein - 2005
16	Kaoru Kurosawa, OMAC: one-key CBC - Iwata
13	Improved security analyses for CBC MACs - Bellare, Pietrzak, et al. - 2005
12	Truncated differential cryptanalysis of five rounds of Salsa20 - Crowley
8	C.: New Features of Latin Dances: Analysis of - Aumasson, Fischer, et al. - 2008
7	A short proof of the unpredictability of cipher block chaining (2005). URL: http://cr.yp.to/papers.html#easycbc. Citations in this document: §1 - Bernstein
6	Plaintext-recovery attacks against datagram TLS. http://www.isg.rhul.ac.uk/~kp/dtls.pdf - Alfardan, Paterson
5	The Salsa20 family of stream ciphers - Bernstein - 2008
5	and Tanja Lange (editors). eBACS: ECRYPT benchmarking of cryptographic systems - Bernstein
4	A simple and unified method of proving indistinguishability - Nandi - 2006
3	Salsa20 specification (2005). URL: http://cr.yp.to/ snuffle.html. Citations in this document - Bernstein
3	PRF Domain Extension Using DAGs - Jutla - 2006
3	TMAC: Two-key CBC - Kurosawa, Iwata - 2003
1	Understanding brute force, ECRYPT STVL Workshop on Symmetric Key Encryption (2005). URL: http://cr.yp.to/papers. html#bruteforce. Citations in this document: §1 - Bernstein
1	Response to ‘Slid pairs - Bernstein
1	Tal Rabin (editors), Theory of cryptography, third theory of cryptography conference, TCC 2006 - Halevi
1	Citations in this document: §1 - html
1	editor), Advances in cryptology—EUROCRYPT 2002, international conference on the theory and applications of cryptographic techniques - Knudsen
1	Biryukov, Slid pairs - Priemuth-Schmid, Alex
1	Citations in this document - html
1	Rogaway, Improved security analyses for CBC MACs, in [40] (2005), 527–545; see also newer version [12]. the Salsa20 nonce 13 - Bellare, Pietrzak, et al.