Symmetry (May 2022)
Rotational Cryptanalysis on ChaCha Stream Cipher
Abstract
In this paper we consider the ChaCha20 stream cipher in the related-key scenario and we study how to obtain rotational-XOR pairs with nonzero probability after the application of the first quarter round. The ChaCha20 input can be viewed as a 4×4 matrix of 32-bit words, where the first row of the matrix is fixed to a constant value, the second two rows represent the key, and the fourth some initialization values. Under some reasonable independence assumptions and a suitable selection of the input, we show that the aforementioned probability is about 2−251.7857, a value greater than 2−256, which is the one expected from a random permutation. We also investigate the existence of constants, different from the ones used in the first row of the ChaCha20 input, for which the rotational-XOR probability increases, representing a potential weakness in variants of the ChaCha20 stream cipher. So far, to our knowledge, this is the first analysis of the ChaCha20 stream cipher from a rotational-XOR perspective.
Keywords