Analysis of Diagonal Constants for Extension of Salsa to 64 Bit

Abstract

In this paper, we carried out a differential cryptanalysis of Salsa, to study the effect of diagonal constants on biases after few rounds of operations. So far, we did not find any formal logic or explanation for selecting such constants. We introduced a new measure called Measure of Uniformity in bias for segregating constants as good or bad w.r.t. original constants. We found that, if we create an Input Differential (\(\mathcal {ID}\)) at Most Significant Bit (MSB) of the third word of quarterround function, then after 4 rounds, the value of Measure of Uniformity in bias either increases or decreases which is determined by the specific pattern in 4 Least Significant Bits (LSB) of first word (which is constant) of quarterround function. The location of the pattern within that diagonal constant is determined by the last two rotation constants of corresponding quarterround function. The designer constants are good constants; however, they can be even better with a slight change in constant c3. We used our observations of 32-bit Salsa to design an extended 64-bit version of Salsa. We observed similar patterns in constants for 64-bit design as well. It was observed that for 64-bit version, the bias is negligible only after 5 rounds. 64-bit design performs 1.6 to 1.7 times faster as compared to the similar implementation of 32-bit Salsa on the 64-bit machine.