Truncated differential cryptanalysis of five rounds of Salsa20

[ciphergoth]

This is what I've been doing in my spare time for the last couple of weeks:

Truncated differential cryptanalysis of five rounds of Salsa20 (PDF)

(discussion, Wikipedia on Salsa20).

This doesn't break the whole cipher, just a seriously reduced version.

Comments

[ephermata.livejournal.com]

Nice. I look forward to reading it. Have you sent it to eprint.iacr.org yet?

[ciphergoth.livejournal.com]

No, do you think I should? I'm not sure there's anything in there novel enough to justify wider publication, but maybe I'm wrong. What are the advantages of publication on eprint? Thanks!

[ephermata.livejournal.com]

Let me caution that I haven't read your paper in detail. Still, putting it on eprint will give others a stable, long-term URL with which to cite the work. It will give you a single place to update the work and let the update be communicated to people who read eprint (whereas if you just update on your web page, it might be no one notices). Finally, it'll be noticed by the people who read eprint, but maybe don't read the ECRYPT forum, if there are any such.

The bar for novelty is low for eprint; it's more or less a tech report. They have been known to refuse submissions, but that is supposed to be rare. Might as well try it.

[ciphergoth.livejournal.com]

OK, I will - thanks!

It's about as straightforward as a truncated differential cryptanalysis can be. The only unusual features are that I use a lot of differential characteristics rather than just one, and they exhibit a lot of clustering, and there are a few trails that are twice as frequent as theory predicts. I'm investigating that latter thing now - it looks like it might be the most interesting part of all this.

[ciphergoth.livejournal.com]

How long do they usually take to tell you whether or not your submission is accepted?

[ephermata.livejournal.com]

It's managed by hand, so it varies. Longest I've had is about a week. Shortest is two days.

[deliberateblank.livejournal.com]

drawing only strong criticism from Bernstein

The scepticism from others I can understand, but I wonder why that is considered relevant. Solid refutation yes, criticism, well he would say that wouldn't he?

[ciphergoth.livejournal.com]

An-Ping's paper is a load of garbage; there's no analysis there, only a catalogue of mistakes. Unfortunately, I can't say that on Wikipedia, becuase it's not NPOV. Bernstein hasn't reacted with hostility to my cryptanalysis, quite the reverse.

[zellah.livejournal.com]

Am just going round poking invited people who haven't RSVPed in the direction of my Birfday Partyage post here (http://www.livejournal.com/users/exitwound/400211.html). Let me know if you think you can make it or not! :)

[shevek.livejournal.com]

I have papers for you.