Enhancing the Key Recovery Attack on Round Reduced Salsa

Salsa is the most well-known stream cipher and a finalist of the eSTREAM project. The concept of probabilistic neutral bits (PNBs) first presented by Aumasson et al., is the most important step in the cryptanalysis of Salsa. In this paper, we provide a strategy to find a better set of PNBs and we improve the existing attacks. Our attack complexity is 2(210.38), which is an improvement of the latest work at ASIACRYPT 2022. We also revisit the work of Ghafoori et al. (ISPEC 2022). In their study, they used a PNB-based differential attack to present a key recovery attack on Salsa20/8 with a time complexity of 2(144.75). They claimed their approach was the most effective single -bit differential attack to date. Our paper challenges this claim, providing experimental results and reasoned arguments to support our case.