Salsa20

Salsa20 is a stream cipher published by Daniel J. Bernstein in 2005 and selected for the final software portfolio of the European eSTREAM competition. It generates a keystream by applying 20 rounds (Salsa20/20) — or reduced variants Salsa20/12 and Salsa20/8 — of a quarter-round function based on add-rotate-xor operations to a 512-bit internal state derived from a 256-bit key, a 64-bit nonce, and a block counter. Salsa20 is fast in software, constant-time, and has resisted cryptanalysis well beyond the reduced-round attacks that exist. It is largely superseded by ChaCha20, an iterative refinement with better diffusion and a longer nonce, but lives on through the XSalsa20 extended-nonce variant used inside the popular NaCl/libsodium cryptographic library and Tor's hidden-service protocol historically.