2

Salsa by Daniel J. Bernstein was meant to run with 20 rounds. As I can configure the rounds in Bouncy Castle with Salsa20Engine, do I have better security by increasing the rounds to 1000? The performance is negligible.

l1e3e3t7

1 Answer

4

In general you should avoid changing the cipher for no particular reason. It is unlikely that simply increasing the number of rounds will significantly change the security of the cipher. Although attacks are generally against a limited number of rounds, the following is stated for Salsa20 (source: Wikipedia):

As of 2015, there are no published attacks on Salsa20/12 or the full Salsa20/20; the best attack known[2] breaks 8 of the 12 or 20 rounds.

And this is with very high memory requirements, and only partially reducing the complexity (without any practical attacks even for the reduced round version).

If Salsa20 is broken it is likely an issue with the operations within a round, or something with regard to pre- or post-processing.

So you'd gain next to nothing while sacrificing performance and - probably more importantly - compatibility.


If you want better security you can use another stream cipher - or block cipher in stream mode - to XOR the ciphers together. You could also look at (ciphers with) hardware support to provide better protection of the key and possibly the algorithm (with regard to side-channel attacks).

Maarten Bodewes
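The compatibility point from the answer above, as an added example that is not part of the original post and is not Bouncy Castle code: a minimal pure-Python Salsa20 with a configurable round count (256-bit key and 64-bit nonce only). The key, nonce and message are constructed sample values, and the function names are chosen here for illustration.

```python
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # constants for 256-bit keys
# Index tuples for one double round: four column quarter-rounds, then four row ones.
DOUBLE_ROUND = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),
                (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))

def _rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & MASK

def salsa_block(key, nonce, counter, rounds=20):
    """Return one 64-byte keystream block of Salsa20/<rounds>."""
    if len(key) != 32 or len(nonce) != 8:
        raise ValueError("this sketch supports a 32-byte key and 8-byte nonce only")
    if rounds <= 0 or rounds % 2:
        raise ValueError("rounds must be a positive even number")
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    init = [SIGMA[0], *k[:4], SIGMA[1], *n, counter & MASK, (counter >> 32) & MASK,
            SIGMA[2], *k[4:], SIGMA[3]]
    x = list(init)
    for _ in range(rounds // 2):
        for a, b, c, d in DOUBLE_ROUND:  # Salsa20 quarter-round on x[a], x[b], x[c], x[d]
            x[b] ^= _rotl((x[a] + x[d]) & MASK, 7)
            x[c] ^= _rotl((x[b] + x[a]) & MASK, 9)
            x[d] ^= _rotl((x[c] + x[b]) & MASK, 13)
            x[a] ^= _rotl((x[d] + x[c]) & MASK, 18)
    # Feed-forward: add the initial state word by word, serialize little-endian.
    return struct.pack("<16I", *((a + b) & MASK for a, b in zip(x, init)))

def salsa_xor(key, nonce, data, rounds=20):
    """Encrypt or decrypt by XORing data with the Salsa20/<rounds> keystream."""
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = salsa_block(key, nonce, off // 64, rounds)
        out += bytes(p ^ s for p, s in zip(data[off:off + 64], ks))
    return bytes(out)

def demo():
    key, nonce = bytes(range(32)), bytes(8)        # constructed sample key and nonce
    msg = b"constructed sample message " * 4       # constructed, spans two blocks
    ct = salsa_xor(key, nonce, msg, rounds=1000)   # sender uses a non-standard round count
    return {
        "same_rounds_decrypts": salsa_xor(key, nonce, ct, rounds=1000) == msg,
        "standard_peer_decrypts": salsa_xor(key, nonce, ct, rounds=20) == msg,
    }

if __name__ == "__main__":
    print(demo())
```

Only a receiver configured with the identical round count recovers the plaintext; any implementation that speaks standard Salsa20/20 produces a different keystream from the same key and nonce.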