Yurie Okada
The IETF-standardized encryption protocol TLS1.3 uses only ChaCha as a stream cipher, and many vulnerability analyses are currently being conducted. In this study, we extend the number of rounds of the existing linear approximation formula for ChaCha, reevaluate the input/output difference, and perform a difference linear analysis for 7.25 and 7.5 rounds ChaCha.