Rotational analysis of ChaCha permutation
Stefano Barbero, Emanuele Bellini, Rusydi Makarim

TL;DR
This paper analyzes the ChaCha20 permutation under rotational cryptanalysis. It shows that the permutation does not behave as a random permutation for up to 17 rounds, and it derives bounds on rotational collision probabilities.
Contribution
It provides the first theoretical bounds on the rotational cryptanalysis of ChaCha20's permutation, extending from quarter rounds to the full permutation.
Findings
Rotational probability bounds for ChaCha quarter round
Extension of bounds to full rounds and permutation
Probability of rotational collision is less than 2^-488 for 17 rounds
Abstract
We show that the underlying permutation of the ChaCha20 stream cipher does not behave as a random permutation for up to 17 rounds with respect to rotational cryptanalysis. In particular, we derive a lower and an upper bound for the rotational probability through the ChaCha quarter round, we show how to extend the bound to a full round and then to the full permutation. The obtained bounds show that the probability to find what we call a parallel rotational collision is, for example, less than for 17 rounds of ChaCha permutation, while for a random permutation of the same input size, this probability is . We remark that our distinguisher is not an attack on the ChaCha20 stream cipher, but rather a theoretical analysis of its internal permutation from the point of view of rotational cryptanalysis.
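To make the quantity in the abstract concrete, the following added example (not code from the paper or its authors) estimates by sampling how often a rotational relation on all four input words survives one ChaCha quarter round. The rotation amount r = 1, the sample count and the function names are assumptions of this sketch; it gives an empirical estimate, not the paper's bounds.

```python
import random

MASK = 0xFFFFFFFF  # ChaCha operates on 32-bit words


def rotl(x, r):
    """Rotate a 32-bit word left by r bits."""
    r %= 32
    return ((x << r) | (x >> (32 - r))) & MASK


def quarter_round(a, b, c, d):
    """ChaCha quarter round as specified in RFC 8439, section 2.1."""
    a = (a + b) & MASK; d = rotl(d ^ a, 16)
    c = (c + d) & MASK; b = rotl(b ^ c, 12)
    a = (a + b) & MASK; d = rotl(d ^ a, 8)
    c = (c + d) & MASK; b = rotl(b ^ c, 7)
    return a, b, c, d


def survives(words, r):
    """True if QR(rot_r(words)) == rot_r(QR(words)), word by word.

    XOR and fixed rotations always commute with rot_r; only the four
    modular additions can break the relation.
    """
    out = quarter_round(*words)
    out_of_rotated = quarter_round(*(rotl(w, r) for w in words))
    return out_of_rotated == tuple(rotl(w, r) for w in out)


def estimate(r=1, samples=200_000, seed=1):
    """Monte Carlo estimate over uniformly random inputs (constructed data)."""
    rng = random.Random(seed)
    hits = sum(survives([rng.getrandbits(32) for _ in range(4)], r)
               for _ in range(samples))
    return hits / samples


def addition_probability(r, n=32):
    """Rotational probability of one addition mod 2^n with independent,
    uniform operands (standard result from rotational cryptanalysis of ARX)."""
    return 0.25 * (1 + 2.0 ** (r - n) + 2.0 ** (-r) + 2.0 ** (-n))


if __name__ == "__main__":
    p = estimate()
    print(f"quarter round, r=1: estimated probability {p:.5f}")
    print(f"four independent additions would give {addition_probability(1) ** 4:.5f}")
```

Comparing the estimate with `addition_probability(1) ** 4` shows whether treating the quarter round's four additions as independent is a reasonable approximation.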
