# News & Events

## Seminar

Date/Time:
Thursday, July 12, 2018 - 16:00 to 17:00
Venue:
SMS Conference Hall
Speaker:
Sabyasachi Dey
Affiliation:
Title:
Some results on Stream Ciphers
Abstract:- This talk is based on some results on the stream ciphers RC4, Salsa, ChaCha and Fruit. We provide theoretical proofs of few famous biases observed in the RC4 algorithm. These biases have significant contributions to recover plaintexts from the knowledge of ciphertexts. For Salsa and ChaCha, we improve the existing attacks. Fruit, which is an ultra lightweight stream cipher proposed very recently, does not have many known attacks against it till now. Here we cryptanalyse Fruit and provide a time memory tradeoff attack. RC4, which is one of the mostly used stream ciphers in last two decades, is now considered to be weak because of multiple biases which have been reported. RC4 has gone through rigorous analysis in last twenty years. In 1995, Andrew Roos observed a bias of output bytes of RC4. We generalise that work. We also provide some theoretical justification for the bias of every output byte towards a linear function of the first key byte, which was observed by Paterson et al. in Asiacrypt 2014. This bias has been used in a broadcast attack in WEP. Also, another useful bias observed experimentally is the bias of i-th output byte towards i. Here we justify this bias theoretically. Salsa and ChaCha are two ciphers which are considered to be the replacement of old stream ciphers like RC4. In FSE 2008, Aumasson et al. introduced an idea of probabilistically neutral bits to provide differential attacks against these two ciphers. Using that idea, Salsa can be attacked up to 8-th round and ChaCha up to 7-th round. Afterwards, those attacks have been improved further. Here, we provide an algorithm to construct the set of probabilistically neutral bits in a better way to improve the attack. Our construction of probabilistically neutral bit set is able to reduce the attack complexity, both for Salsa and ChaCha. Fruit, compared to the previously discussed ciphers, is much newer. Fruit is very interesting because of its ultra lightweight structure. Its design is inspired by the principle used in Sprout, which involved the use of key bits in NFSR update function. Fruit has a state of size 80, which is same as its key size. We provide a time memory tradeoff attack against Fruit. Our attack finds the state with complexity around $2^{75}$ for first 80-bit version of Fruit and complexity $2^{76.66}$ second 80-bit version of Fruit.