Abstract
Stream cipher is one of the basic cryptographic primitives that provide the confidentiality of communication through insecure channel. EU ECRYPT network has organized a project for identifying new stream suitable for widespread adoption where the ciphers can provide a more security levels. Finally the result of the project has identified new stream ciphers referred as eSTREAM. Salsa20 is one of the eSTREAM cipher built on a pseudorandom function. In this paper our contribution is two phases. First phase have two parts. In WCC 2015, Maitra et al. [9] explained characterization of valid states by reversing one round of Salsa20. In first part, we have revisited the Maitra et al. [9] characterization of valid states by reversing one round of Salsa20. We found there is a mistake in one bit change in 8th and 9th word in first round will result in valid initial state. In second part, Maitra et al. [9] as mentioned that it would be an interesting combinatorial problem to characterize all such states. We have characterized nine more values which lead to valid initial states. The combinations (s4, s7), (s2, s3), (s13, s14), (s1, s6), (s1, s11), (s1, s12), (s6, s11), (s6, s12) and (s11, s12) which characterized as valid states. In second phase, FSE 2008 Aumasson et al. [1] attacked 128-key bit of Salsa20/7 within 2111 time and ChaCha6 in within 2107 time. After this with best of our knowledge there does not exist any improvement on this attack. In this paper we have attacked 128-key bit of Salsa20/7 within 2107 time and ChaCha6 within 2102 time. Maitra [8] improved the attack on Salsa20/8 and ChaCha7 by choosing proper IVs corresponding to the 256-key bit. Applying the same concept we have attacked 128-key bit of Salsa20/7 within time 2104 and ChaCha7 within time 2101.