Santanu Sarkar
Preferred name: Santanu Sarkar
Official name: Santanu Sarkar
Alternative name: Sarkar, Santanu
7 results
- Publication: Latin Dances Reloaded: Improved Cryptanalysis Against Salsa and ChaCha, and the Proposal of Forró (01-07-2023)
  Authors: Coutinho, Murilo; Passos, Iago; Vásquez, Juan C. Grados; de Mendonça, Fábio L. L.; de Sousa, Rafael T.; Borges, Fábio
  Abstract: In this paper, we present 4 major contributions to ARX ciphers and in particular, to the Salsa/ChaCha family of stream ciphers: (a) We propose an improved differential-linear distinguisher against ChaCha. To do so, we propose a new way to approach the derivation of linear approximations by viewing the algorithm in terms of simpler subrounds. Using this idea, we show that it is possible to derive almost all linear approximations from previous works from just 3 simple rules. Furthermore, we show that with one extra rule, it is possible to improve the linear approximations proposed by Coutinho and Souza at Eurocrypt 2021 (Coutinho and Neto, in: Canteaut, Standaert (eds) Advances in cryptology—EUROCRYPT 2021—40th annual international conference on the theory and applications of cryptographic techniques, Zagreb, Croatia, October 17–21, 2021, proceedings, Part I. Lecture notes in computer science, vol 12696, Springer, 2021). (b) We propose a technique called Bidirectional Linear Expansions (BLE) to improve attacks against Salsa. While previous works only considered linear expansions moving forward into the rounds, BLE explores the expansion of a single bit in both forward and backward directions. Applying BLE, we propose the first differential-linear distinguishers reaching 7 and 8 rounds of Salsa and we improve Probabilistic Neutral Bit (PNB) key-recovery attacks against 8 rounds of Salsa. (c) At Eurocrypt 2022 (Dey et al in Revamped differential-linear cryptanalysis on reduced round chacha, Springer, 2022), Dey et al. proposed a technique to combine two input–output positions in a PNB attack. In this paper, we generalize this technique for an arbitrary number of input–output positions. Combining this approach with BLE, we are able to improve key recovery attacks against 7 rounds of Salsa. (d) Using all the knowledge acquired studying the cryptanalysis of these ciphers, we propose some modifications in order to provide better diffusion per round and higher resistance to cryptanalysis, leading to a new stream cipher named Forró. We show that Forró has a higher security margin; this allows us to reduce the total number of rounds while maintaining the security level, thus creating a faster cipher on many platforms, especially in constrained devices. (e) Finally, we developed CryptDances, a new tool for the cryptanalysis of Salsa, ChaCha, and Forró designed to be used in high performance environments with several GPUs. With CryptDances it is possible to compute differential correlations, to derive new linear approximations for ChaCha automatically, to automate the computation of the complexity of PNB attacks, among other features. We make CryptDances available for the community at https://github.com/murcoutinho/cryptDances.

- Publication: Proving the biases of Salsa and ChaCha in differential attack (01-09-2020)
  Authors: Dey, Sabyasachi
  Abstract: Salsa and ChaCha are two of the most famous stream ciphers in recent times. Most of the attacks available so far against these two ciphers are differential attacks, where a difference is given as an input in the initial state of the cipher and in the output some correlation is investigated. This correlation works as a distinguisher. All the key recovery attacks against these ciphers are based on these observed distinguishers. However, the distinguisher in the differential attack was purely an experimental observation, and the reason for this bias was unknown so far. In this paper, we provide a full theoretical proof of both the observed distinguishers for Salsa and ChaCha. In the key recovery attack, the idea of probabilistically neutral bit also plays a vital role. Here, we also theoretically explain the reason for a particular key bit of Salsa to be probabilistically neutral. This is the first attempt to provide a theoretical justification of the idea of differential key recovery attack against these two ciphers.

- Publication: Revisiting Cryptanalysis on ChaCha From Crypto 2020 and Eurocrypt 2021 (01-09-2022)
  Authors: Dey, Sabyasachi; Dey, Chandan; Meier, Willi
  Abstract: ChaCha has been one of the most prominent ARX designs of the last few years because of its use in several systems. The cryptanalysis of ChaCha involves a differential attack that exploits the idea of Probabilistic Neutral Bits (PNBs). For a long period, the single-bit distinguisher in this differential attack was found up to the 3rd round. At Crypto 2020, Beierle et al. introduced for the first time the single bit distinguishers for the 3.5th round, which contributed significantly to regaining the flow of the research work in this direction. This discovery became the primary factor behind the huge improvement in the key recovery attack complexity in that work. This was followed by another work at Eurocrypt 2021, where a single bit distinguisher at the 3.5th round helped to produce a 7th round distinguisher of ChaCha and a further improvement in the key recovery. In this paper, first, we provide the theoretical framework for the distinguisher given by Beierle et al. We mathematically derive the observed differential correlation for the particular position where the output difference is observed at the 3.5th round. Also, Beierle et al. mentioned the issue of the availability of proper IVs to produce such distinguishers, and pointed out that not all keys have such IVs available. Here we provide a theoretical insight into this issue. Next, we revisit the work of Coutinho et al. (Eurocrypt 2021). Using Differential-Linear attacks against ChaCha, they claimed the distinguisher and the key recovery with complexities $2^{218}$ and $2^{228.51}$ respectively. We show that the differential correlation for the 3.5th round is much smaller than the claim of Coutinho et al. This makes the attack complexities much higher than their claim.

- Publication: Enhanced Differential-Linear Attacks on Reduced Round ChaCha (01-08-2023)
  Authors: Dey, Sabyasachi; Garai, Hirendra Kumar; Sharma, Nitin Kumar
  Abstract: We present numerous refinements to the previous differential-linear attacks on ChaCha in this study. Beierle et al. discovered a 3.5-round differential at CRYPTO 2020, which was based on the condition that suitable key-IV pairs are picked, which they termed a 'right pair'. They were able to refine their approach by doing so, but they also observed that the acquisition of a right pair requires an average of $2^5$ iterations. In our work, we propose a method for achieving the right pairs with the help of listing, so that the extra multiplication of $2^5$ in the overall complexity can be avoided. In addition, we present a tactical enhancement in the 'Probabilistic Neutral Bit'-searching algorithm, a change in complexity computation and a novel attack strategy based on two input-output pairs. We employ them to lower the attack complexity from $2^{230.86}$ to $2^{218.95}$ for the 7-round ChaCha256. Furthermore, after almost ten years, we enhance the complexity of a 6-round 128-bit version of ChaCha (Shi et al: ICISC 2012) by more than 78 million times and for the first time, propose attacks on 7.25-round ChaCha256 and 6.5-round ChaCha128 with time complexities $2^{244.85}$ and $2^{121.40}$ respectively.

- Publication: Revisiting design principles of Salsa and Chacha (01-11-2019)
  Authors: Dey, Sabyasachi; Roy, Tapabrata
  Abstract: Salsa and ChaCha are well known names in the family of stream ciphers. In this paper, we first revisit the existing attacks on these ciphers. We first perform an accurate computation of the attack complexities of the existing technique instead of the estimation used in previous works. This improves the complexity by some margin. The differential attacks using probabilistic neutral bits against ChaCha and Salsa involve two probability biases: forward probability bias ($\epsilon_d$) and backward probability bias ($\epsilon_a$). In the second part of the paper, we suggest a method to increase the backward probability bias, which helps reduce the attack complexity. Finally, we focus on the design principle of ChaCha. We suggest a slight modification in the design of this cipher as a countermeasure to the differential attacks against it. We show that the key recovery attacks proposed against ChaCha will not be effective on this modified version.

- Publication: Revamped Differential-Linear Cryptanalysis on Reduced Round ChaCha (01-01-2022)
  Authors: Dey, Sabyasachi; Garai, Hirendra Kumar; Sharma, Nitin Kumar
  Abstract: In this paper, we provide several improvements over the existing differential-linear attacks on ChaCha. ChaCha is a stream cipher which has 20 rounds. At CRYPTO 2020, Beierle et al. observed a differential in the 3.5-th round if the right pairs are chosen. They produced an improved attack using this, but showed that to achieve a right pair, we need $2^5$ iterations on average. In this direction, we provide a technique to find the right pairs with the help of listing. Also, we provide a strategic improvement in PNB construction, modification of complexity calculation and an alternative attack method using two input-output pairs. Using these, we improve the time complexity, reducing it to $2^{221.95}$ from $2^{230.86}$ reported by Beierle et al. for the 256-bit version of ChaCha. Also, after a decade, we improve the existing complexity (Shi et al. ICISC 2012) for a 6-round of the 128-bit version of ChaCha by more than 11 million times and produce the first-ever attack on 6.5-round ChaCha128 with time complexity $2^{123.04}$.

- Publication: A theoretical investigation on the distinguishers of Salsa and ChaCha (30-10-2021)
  Authors: Dey, Sabyasachi
  Abstract: Salsa and ChaCha are two of the most well-known stream ciphers of the last two decades. These two ciphers came into the picture when a massively used cipher, RC4, was going through severe cryptanalysis and a significant number of observed weaknesses of it showed the requirement of new stream ciphers in the market. Later, ChaCha was adopted by Google as their encryption algorithm, which further increased the importance of research work on these two ciphers. Salsa and ChaCha have gone through differential key recovery attacks up to the 8-th and 7-th round respectively. Initially, this attack used an experimentally observed distinguisher by observing a single bit position up to the 4th round for Salsa and 3rd round for ChaCha. Later, Maitra (2016) improved the attack complexity by minimizing the propagation of the difference after the first round using properly chosen IV values. Also, using this distinguisher, Choudhuri et al. (FSE 2016) provided a technique to construct a distinguisher for the next round of both the ciphers by observing multiple bits. Among all these attacks, which were mostly based on experimental observations, theoretical works did not get much importance for these two ciphers. In this paper, we aim to theoretically investigate the reason behind these experimentally observed distinguishers for these chosen-IV distinguishers, where the difference propagation is minimized up to the first round. We provide a mathematical proof of the observed probabilities for the distinguishers of both the ciphers in the single and multiple bits.