Miyaji Laboratory

We use digital platforms, in communications, financial transactions, education, entertainment, healthcare, and transportation. The use of digital platforms have significantly simplified our daily lives. However, security has consistently emerged as the primary concern when integrating digital platforms into our daily activities. To address security concerns, cryptography has always been essential for ensuring data confidentiality
and integrity, both in transit and at rest. As cryptographic primitives become more widely used, it is crucial to thoroughly understand their security properties to ensure data integrity and confidentiality.
This thesis studies the symmetric cryptography. We focus on the security assessment of stream ciphers. Stream ciphers are symmetric cryptographic functions that operate on individual bits or bytes of data, unlike block ciphers, which process data in fixed blocks. Their speed and bitwise encryption make them applicable for specific applications such as secure communications, stream media, disk encryption, voice-over IP, instant messaging, and more. Salsa 20 and ChaCha are deployed in Operating
Systems, TLS 1.3, programming libraries, networks, and others. The existing research domain mounted differential and differential-linear attacks on Salsa 8, ChaCha 7, and ChaCha 7.25. The most effective key-recovery attack on Salsa 8 has been proposed with time complexities of 2^245.5, 2^244.9, and 2^243.6, respectively. Furthermore, the best key-recovery attack on ChaCha 7.25 was presented with a complexity of 2^255.62. The
distinguisher for ChaCha 6 has been proposed with complexities of 2^116 and 2^51. However, the existing research studies have not proposed the boomerang attack on the ChaCha permutation function.
This dissertation examines the robustness of Salsa 20 and ChaCha stream ciphers and it makes three key contributions, each presented in a dedicated chapter. First, it investigates the differential cryptanalysis of Salsa 20 and ChaCha, focusing on keyrecovery attacks on their reduced-round versions. Next, it explores the higher-order differential-linear cryptanalysis of ChaCha. Finally, the dissertation examines the boomerang attack on the ChaCha permutation function, providing a detailed analysis of its security implications. The first research aimed to evaluate the security of Salsa 20 and ChaCha through an in-depth analysis of probabilistic neutral bits within a differential attack framework. This resulted in a key-recovery attack with a time complexity of 2^241.62 and a data complexity of 2^31.5 on Salsa 8. Additionally, it resulted in a key-recovery attack on ChaCha 7.25 with a time complexity of 2^254.011 and a data complexity of 2^51.81. As a
result, we reduced the attack complexity with a factor of 2^1.98 and 2^1.6 on Salsa 8 and ChaCha 7.25, respectively. The second research delves into higher-order differential-linear cryptanalysis and studies the security of ChaCha stream cipher. Additionally, we propose a higher-order differential-linear distinguishing attack on ChaCha 5, ChaCha 5.5, and ChaCha 6,
demonstrating time complexities of 2^33.21, 2^63.21, and 2^87.21, respectively. The existing research domain has not introduced distinguishing attacks. Moreover, we presented a distinguisher of Chacha 6 with a complexity of 2^47.21 and substantially enhanced the
ChaCha 6 distinguisher by 2^3.79. The third study investigated the permutation function of the ChaCha stream cipher using boomerang cryptanalysis, a variant of differential cryptanalysis. This attack
merges two distinct differential properties from separate sections of a cipher into a new differential that applies to the entire cipher, occurring with a probability of p^2q^2. This requires that both differential properties be satisfied twice. Additionally, we demonstrated that the likelihood could increase to p^2 for certain attack positions in ChaCha, reducing the attack complexity. Moreover, for the first time, we proposed an algorithm for executing boomerang attacks on the ChaCha stream cipher was also
introduced. To demonstrate the effectiveness of boomerang cryptanalysis, we targeted the permutation functions of ChaCha 6 and ChaCha 7. Our findings indicate that a boomerang attack requires 2^4.04 and 2^5.99 adaptively chosen plaintexts and ciphertexts to distinguish the permutation functions of ChaCha 6 and ChaCha 7 from a random permutation, respectively. This dissertation evaluates the security of Salsa 20 and ChaCha stream ciphers through three cryptanalytic approaches. The first research presents key-recovery attacks on Salsa 8 and ChaCha 7.25 with complexities of 2^241.62 and 2^254.011, respectively.
The second research introduces higher-order differential-linear attacks on ChaCha 5, ChaCha 5.5, and ChaCha 6, with complexities of 2^33.21, 2^63.21, and 2^87.21, respectively. It proposed an improved distinguisher for ChaCha 6. The third study applies boomerang cryptanalysis to the permutation functions of ChaCha 6 and 7, requiring 2^4.04and 2^5.99 adaptively chosen plaintexts and ciphertexts to distinguish them from
random permutations.