Construction of Salsa20 and ChaCha Cryptographic Algorithms

This text discusses the construction and core functions of the Salsa20 and ChaCha cryptographic algorithms, highlighting their design principles, input parameters, and similarities in structure and operation. Salsa20, a family of flow-through cryptographic algorithms, was designed by Daniel J. Bernstein in 2005 for the eSTREAM competition. The algorithms are based on substitution-permutation networks, Feistel networks, and ARX principles, offering strong security features for data encryption. Explore the key components and workings of these modern ciphers through insightful discussions and visual aids.

• Cryptographic algorithms
• Salsa20
• ChaCha
• Security
• Encryption

nath_yre Follow

Uploaded on Apr 08, 2025 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

Presentation Transcript

1. A BRIEF DISCUSSION ABOUT CONSTRUCTION OF CRYPTOGRAPHIC ALGORITHMS SALSA20 AND CHACHA B.Damjanovi N.Novakovi N.Stamenkovi Damjanovic, Novakovic, Stamenkovic 1

2. Introduction Symmetric ciphers block ciphers and stream ciphers RC4, A5/1, A5/2 (whose use is no longer recommended) Salsa, ChaCha20 ciphers [2]. Damjanovic, Novakovic, Stamenkovic 2

3. Introduction Cryptographic algorithms Substitution-permutation networks (SPNs) Feistel networks, Add-Rotate-XOR (ARX) algorithms, algorithms based on Feedback Shift Registers (NLFSRs) Nonlinear Feedback Shift Registers (NLFSRs) and hybrid algorithms Salsa20 and ChaCha: ARX Damjanovic, Novakovic, Stamenkovic 3

4. Introduction The Salsa20 - flow-through cryptographic algorithm Daniel J. Bernstein Salsa20 family designed in 2005 eSTREAM competition within the ECRYPT project Salsa20 algorithm based on a Salsa20 hash function similar to a counter in CTR mode. Damjanovic, Novakovic, Stamenkovic 4

5. Introduction Salsa20 ciphertext hash based on the key, the initialization vector (nonce) and the block number. The resulting hash merged with plain text XOR operation Salsa20 - basis for algorithm ChaCha The ChaCha similar in construction except composition of its quarterround function (core function) and the composition of the initial matrix Damjanovic, Novakovic, Stamenkovic 5

6. Salsa20 The Salsa20 core functions Quarter-Round (quarterround), Row-Round (rowround) and Column-Round (columnround). They are part of the Double-Round (doubleround) function. Salsa20: 128-bit (duplicates the key) and 256-bit keys. Damjanovic, Novakovic, Stamenkovic 6

7. Salsa20 Salsa20 input 512-bit string called State. 4x4 matrix composed of 32-bit words Salsa20 core function Input 256-bit key (k0, k1, k2, k3, k4, k5, k6, k7), 64-bit counter (p0, p1), 64-bit nonce (v0, v1), four 32- bit constants (c0, c1, c2, c3) Output 512-bit output. Damjanovic, Novakovic, Stamenkovic 7

8. Salsa20 English expression "expand 16-byte k" or "expand 32-byte k" C0 = "expa", C1 = "nd 3", C2 = "2-by", C3 = "te k". Damjanovic, Novakovic, Stamenkovic 8

9. Salsa20 Quarter-Round Salsa20 basic permutation function Quarter-Round (quarterround) Cosnists from Row-Round and Column-Round For input: y=(y0, y1, y2, y3) We have quarterround(y) = (?0,?1,?2, ?3) where ?1= ?1 ?0+ ?3 7 ?2= ?2 ?1+ ?0 9 ?3= ?3 ?0= ?0 ?2+ ?1 13 ?3+ ?2 18 Damjanovic, Novakovic, Stamenkovic 9

10. Salsa20 Row-Round Salsa20 basic permutation function Row-Round (rowround) For input: y = (y0, y1, y2, y3, , y15) We have rowround(y) = (z0, z1, z2, z3, , z15) where: (z0, z1, z2, z3) = quarterround(y0, y1, y2, y3); (z5, z6, z7, z4) = quarterround(y5, y6, y7, y4); (z10, z11, z8, z9) = quarterround(y10, y11, y8, y9); (z15, z12, z13, z14) = quarterround(y15, y12, y13, y14) Damjanovic, Novakovic, Stamenkovic 10

11. Salsa20 Column-Round Salsa20 basic permutation function Column-Round (columnround) For input: x = (x0, x1, x2, x3, , x15) We have columnround(x) = (y0, y1, y2, y3, , y15) where: (y0, y4, y8, y12); = quarterround(x0, x4, x8, x12); (y5, y9, y13, y1) = quarterround(x5, x9, x13, x1); (y10, y14, y2, y6) = quarterround(x10, x14, x2, x6); (y15, y3, y7, y11) = quarterround(x15, x3, x7, x11); Damjanovic, Novakovic, Stamenkovic 11

12. Salsa20 hash (Core) function Salsa20 hash function (Core) input: sequence of 64 bytes, output sequence 64 bytes Salsa20(x) = x + doubleround10(x) exponent refers to 10 iterations Damjanovic, Novakovic, Stamenkovic 12

13. Salsa20 expansion function Salsa20 expansion function every 64 bytes of data. Input: buffer State For 32 bytes key and 16 bytes IV (nonce) Output: Salsa20k(n) - sequence length 64 bytes. For a 32-bit key, string "expand 32-byte k" 0=(101, 120, 112, 97), 1=(110, 100, 32, 51), 2=(50, 45, 98, 121), 3=(116, 101, 32, 107) For 16 byte long k0 and k1 and 16 bzte long IV n Salsa20k0,k1(n) = Salsa20( 0, k0, 1, n, 2, k1, 3) Damjanovic, Novakovic, Stamenkovic 13

14. Salsa20 expansion function For 16 byte lonk k string "expand 16-byte k" : 0=(101, 120, 112, 97), 1=(110, 100, 32, 49), 2=(54, 45, 98, 121), 3=(116, 101, 32, 107) For 16 byte key k and 16-byte sequence IV (nonce) n Salsa20k(n) = Salsa20( 0, k, 1, n, 2, k, 3) Damjanovic, Novakovic, Stamenkovic 14

15. Salsa20 encryption function The Salsa20 encryption function processes the message m XOR operation mix result of the Salsa20 expansion function message m Damjanovic, Novakovic, Stamenkovic 15

16. Chacha algorithm ChaCha family of stream ciphers, Bernstein, 2008 modification of the Salsa20 family. ChaCha follows the principles of Salsa20 Quarter-Round function and the State buffer were modified Damjanovic, Novakovic, Stamenkovic 16

17. Chacha algorithm Salsa20 transforms 4 words of 32-bit length ? = ? ? + ? 7 ? = ? ? + ? 9 ? = ? ? = ? ? + ? 13 ? + ? 18 Damjanovic, Novakovic, Stamenkovic 17

18. Chacha algorithm ChaCha uses 4 additions, 4 XOR operations and 4 rotations transform 4 words (32-bits each). ChaCha transforms each word twice, ? = ? + ?;? = ? ?;? = ? 16; ? = ? + ?;? = ? ?;? = ? 12; ? = ? + ?;? = ? ?;? = ? 8; ? = ? + ?;? = ? ?;? = ? 7; Damjanovic, Novakovic, Stamenkovic 18

19. Chacha algorithm ChaCha input matrix constant key key input constant key key input constant key key input constant key key input Vs Salsa input matrix constant key input key key constant input key Key input constant key key input key constant Damjanovic, Novakovic, Stamenkovic 19

20. Chacha algorithm ChaCha processes even and odd rounds in the same way QUARTERROUND( x0, x4, x8,x12) QUARTERROUND( x1, x5, x9,x13) QUARTERROUND( x2, x6,x10,x14) QUARTERROUND( x3, x7,x11,x15) QUARTERROUND( x0, x5,x10,x15) QUARTERROUND( x1, x6,x11,x12) QUARTERROUND( x2, x7, x8,x13) QUARTERROUND( x3, x4, x9,x14) Damjanovic, Novakovic, Stamenkovic 20

21. Conslusion Salsa20 and Salsa simple, fast , software-oriented algorithms, Libs: NaCl cryptographic library Google - ChaCha20 for symmetric encryption and Poly1305 for authentication in OpenSSL and NSS (2013) OpenSSL - 1.1.0 in 2016. PHP 7.2 - Sodium extension Large software vendors Support long-term use Damjanovic, Novakovic, Stamenkovic 21