The Amplified Boomerang Attack on ChaCha
摘要
ChaCha is a widely employed stream cipher in hardware and software applications, including its use in TLS 1.3. It generates a 512-bit keystream using modular addition, constant rotation, and exclusive OR operations. The security of ChaCha primarily depends on modular addition, which serves as the central nonlinear operation in its structure. ChaCha’s resistance to conventional differential cryptanalysis increases significantly after 3.5 rounds, making searching for long differential characteristics with a high probability of occurrence more challenging. We focused on identifying short differential characteristics with higher probabilities and launched an attack on ChaCha using amplified boomerang cryptanalysis. In this work, we introduced distinguishers for ChaCha7, ChaCha6, and ChaCha4, with complexities of \(2^{35.99}\) , \(2^{36}\) , and \(2^{34}\) , respectively. This represents the first amplified boomerang attack and the most effective distinguisher attack on the reduced rounds of ChaCha.