Questions tagged [salsa20]

Salsa20 by Daniel J. Bernstein is a family of stream ciphers built on a pseudo-random function.

The algorithm uses XOR, rotation operations, and 32-bit addition. It is fast and maps a 256-bit key, a 64-bit nonce, and a 64-bit stream position to a 512-bit output.

89 questions
23 votes, 2 answers

Why should one prefer Salsa20 over ChaCha?

We are all aware of Google's approach to introduce ChaCha/Poly1305 as TLS cipher suite. The rationale seems clear: ChaCha is newer and seems to provide better security (and maybe speed?) gained from the experiences of the design of Salsa20. But in…
SEJPM
21 votes, 3 answers

Collision or second preimage for the ChaCha core?

Daniel J. Bernstein's ChaCha core is an evolution of the Salsa20 core. Both are functions over the set of 512-bit bitstrings, partitioned as sixteen 32-bit words. Can we exhibit collisions, or second-preimages (which implies the former), for the…
fgrieu
18 votes, 2 answers

Where did ChaCha20 and Salsa20 stream ciphers get their names from?

This is not a question targeted at a specific crypto implementation, but a question out of curiosity. What's the reason for calling the stream ciphers ChaCha/Salsa? I couldn't find any information about this on the Internet. Are those names somehow…
Aravind A
17 votes, 1 answer

Dancing confusion with Daniel J. Bernstein's stream ciphers

I know of Salsa20 which won the eSTREAM competition. This is dated 25 Dec 2007. There is also the ChaCha20 stream cipher (cr.yp.to/chacha.html). This claims to increase the amount of diffusion per round. This is dated 28 Jan 2008. Then there is…
x9c8v7
14 votes, 2 answers

Interesting implementation practices in popular crypto library

So reading through the salsa20 implementation for the crypto library for go-lang, I noticed something interesting. Specifically this portion. It looks like something I would expect from someone learning programming. They took 80 lines of code of…
abrahimladha
14 votes, 1 answer

Security considerations on "expand 32-byte k"-magic number in the Salsa20 family of stream ciphers?

I'm currently examining the NaCl library written by Daniel J. Bernstein and I noticed that the library hard codes the sigma: static const unsigned char sigma[16] = "expand 32-byte k"; In all the salsa stream…
Pascal
13 votes, 3 answers

What is the PRG period of stream ciphers such as RC4 or Salsa20?

I am confused about how long a stream cipher can be used before you should change the key. To be concrete, let me use the stream cipher based on RC4 as an example. Let's say I want to encrypt a very long message. I pick a key with 128 bits and start…
rlandster
10 votes, 1 answer

Why is the whole initial state used in the final addition of Salsa20 and ChaCha?

Both Salsa20 and ChaCha basically work like this: Put the key, the nonce, the sequence number and a constant into a 4x4 matrix of 32-bit words. Transform the matrix invertibly with a number of ARX rounds. Add the initial matrix into the current…
otus
9 votes, 1 answer

The Salsa20 core preserves diagonal shifts?

What do we mean by the Salsa core preserves diagonal shifts?
BHARTI
9 votes, 2 answers

Where are the ChaCha20 test vectors/examples?

I see in the Salsa20 specification there are test examples throughout the document to help an implementer make sure every function works as designed. Consequently the whole algorithm would work perfectly if all the tests pass. Without these test…
Motox
8 votes, 1 answer

Secure AES Key Generation via Salsa20?

I am not rolling my own crypto or anything - just trying to learn about the Dos and Don'ts of cryptography: specifically about AES encryption and ways to generate keys for that. As far as I understand, one of the options when…
XCore
7 votes, 2 answers

Is there an upper limit to plaintext size in XSalsa20Poly1305?

While fiddling with the NaCl implementation in Go, specifically SecretBox, a general crypto question came up after reading the documentation. Quote: Package secretbox encrypts and authenticates small messages. I haven't seen this before. Is there…
Awn
7 votes, 2 answers

How secure is Salsa20?

I have been hearing about Salsa20 for quite some time. It is even the favorite cipher in the ransomware world. Some ransomware used this cipher, probably because of speed. I want to know how secure this cipher is when compared to AES. How much has…
RPK
7 votes, 4 answers

Can elliptic curve (25519) be used to encrypt file?

This is probably a simple question, but I haven't been able to see it stated anywhere. Is it possible to directly encrypt a file (of any length) with some form of EC using the 25519 curve? I know it's common to exchange a key with EC and then use…
user543
7 votes, 1 answer

Extending key sizes in Salsa20 and ChaCha?

I've written implementations of Salsa20 and ChaCha that accept 384 and 448 bit keys. It was fairly trivial to implement, the 'sigma' constant is replaced with key material, and the counter, (which was initialized at 0), rotates and can be…
JGU