{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,4]],"date-time":"2026-02-04T18:10:53Z","timestamp":1770228653680,"version":"3.49.0"},"reference-count":0,"publisher":"Universitatsbibliothek der Ruhr-Universitat Bochum","license":[{"start":{"date-parts":[[2023,6,16]],"date-time":"2023-06-16T00:00:00Z","timestamp":1686873600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["ToSC"],"abstract":"<jats:p>In this paper, we present an improved differential-linear cryptanalysis of the ChaCha stream cipher. Our main contributions are new differential-linear distinguishers that we were able to build thanks to the following improvements: a) we considered a larger search space, including 2-bit differences (besides 1-bit differences) for the difference at the beginning of the differential part of the differential-linear trail; b) a better choice of mask between the differential and linear parts; c) a carefully crafted MILP tool that finds linear trails with higher correlation for the linear part. We eventually obtain a new distinguisher for ChaCha reduced to 7 rounds that requires 2166.89 computations, improving the previous record (ASIACRYPT 2022) by a factor of 247. Also, we obtain a distinguisher for ChaCha reduced to 7.5 rounds that requires 2251.4 computations, being the first time of a distinguisher against ChaCha reduced to 7.5 rounds. Using our MILP tool, we also found a 5-round differential-linear distinguisher. When combined with the probabilistic neutral bits (PNB) framework, we obtain a key-recovery attack on ChaCha reduced to 7 rounds with a computational complexity of 2206.8, improving by a factor 214.2 upon the recent result published at EUROCRYPT 2022.<\/jats:p>","DOI":"10.46586\/tosc.v2023.i2.189-223","type":"journal-article","created":{"date-parts":[[2023,6,20]],"date-time":"2023-06-20T07:16:10Z","timestamp":1687245370000},"page":"189-223","source":"Crossref","is-referenced-by-count":17,"title":["Boosting Differential-Linear Cryptanalysis of ChaCha7 with MILP"],"prefix":"10.46586","author":[{"given":"Emanuele","family":"Bellini","sequence":"first","affiliation":[]},{"given":"David","family":"Gerault","sequence":"additional","affiliation":[]},{"given":"Juan","family":"Grados","sequence":"additional","affiliation":[]},{"given":"Rusydi H.","family":"Makarim","sequence":"additional","affiliation":[]},{"given":"Thomas","family":"Peyrin","sequence":"additional","affiliation":[]}],"member":"25480","published-online":{"date-parts":[[2023,6,16]]},"container-title":["IACR Transactions on Symmetric Cryptology"],"original-title":[],"link":[{"URL":"https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/download\/10983\/10416","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/download\/10983\/10416","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,6,20]],"date-time":"2023-06-20T07:16:11Z","timestamp":1687245371000},"score":1,"resource":{"primary":{"URL":"https:\/\/tosc.iacr.org\/index.php\/ToSC\/article\/view\/10983"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,6,16]]},"references-count":0,"URL":"https:\/\/doi.org\/10.46586\/tosc.v2023.i2.189-223","relation":{},"ISSN":["2519-173X"],"issn-type":[{"value":"2519-173X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,6,16]]}}}