Vol. 1 · Ed. 2026
CyberGlossary
Entry № 1074

Salsa20

Reviewed by Cybersecurity entrepreneur & security researcher

What is Salsa20?

Salsa20: A 256-bit-key stream cipher designed by Daniel J. Bernstein in 2005, selected by the eSTREAM portfolio and the direct ancestor of ChaCha20.


Salsa20 is a stream cipher published by Daniel J. Bernstein in 2005 and selected for the final software portfolio of the European eSTREAM competition. It generates a keystream by applying 20 rounds (Salsa20/20), or fewer in the reduced variants Salsa20/12 and Salsa20/8, of a quarter-round function based on add-rotate-xor operations to a 512-bit internal state derived from a 256-bit key, a 64-bit nonce, and a block counter. Salsa20 is fast in software and constant-time, and it has resisted cryptanalysis well: the attacks that exist apply only to reduced-round versions. It has largely been superseded by ChaCha20, an iterative refinement with better diffusion and a longer nonce, but lives on through the XSalsa20 extended-nonce variant, which is used inside the popular NaCl/libsodium cryptographic library and was historically used in Tor's hidden-service protocol.
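The construction described above, written out as an added example (not code from this glossary or from Bernstein's reference implementation): the quarter-round, the 512-bit state built from key, nonce and counter, and keystream XOR. The function names are this example's own; the little-endian word layout, the "expand 32-byte k" constants and the 64-bit counter width are taken from the Salsa20 specification rather than from this page.

```python
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # spec constants for 256-bit keys

def rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def quarter_round(y0, y1, y2, y3):
    """Add-rotate-xor quarter-round: 32-bit addition, rotation and XOR only."""
    y1 ^= rotl((y0 + y3) & MASK, 7)
    y2 ^= rotl((y1 + y0) & MASK, 9)
    y3 ^= rotl((y2 + y1) & MASK, 13)
    y0 ^= rotl((y3 + y2) & MASK, 18)
    return y0, y1, y2, y3

# Word indices touched by one double round: four columns, then four rows.
COLUMNS = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11))
ROWS = ((0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))

def core(words, rounds=20):
    """Apply `rounds` rounds to 16 words, then add the input back (feed-forward)."""
    x = list(words)
    for _ in range(rounds // 2):
        for idx in COLUMNS + ROWS:
            x[idx[0]], x[idx[1]], x[idx[2]], x[idx[3]] = quarter_round(*(x[i] for i in idx))
    return struct.pack("<16I", *((a + b) & MASK for a, b in zip(x, words)))

def block(key, nonce, counter, rounds=20):
    """Build the 512-bit state from a 256-bit key, 64-bit nonce and 64-bit counter."""
    if len(key) != 32 or len(nonce) != 8:
        raise ValueError("expected a 32-byte key and an 8-byte nonce")
    k = struct.unpack("<8I", key)
    n = struct.unpack("<2I", nonce)
    c = (counter & MASK, (counter >> 32) & MASK)
    state = (SIGMA[0], *k[:4], SIGMA[1], *n, *c, SIGMA[2], *k[4:], SIGMA[3])
    return core(state, rounds)

def xor_stream(key, nonce, data, rounds=20):
    """Encrypt or decrypt: XOR data with the keystream, one 64-byte block per counter."""
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = block(key, nonce, i // 64, rounds)
        out += bytes(d ^ s for d, s in zip(data[i:i + 64], ks))
    return bytes(out)

if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(8)  # constructed sample values, not a test vector
    print(xor_stream(key, nonce, xor_stream(key, nonce, b"glossary example")))
```

This produces keystream only and provides no authentication, and pure Python gives no timing guarantees; production use belongs in a vetted library such as the libsodium construction listed under Examples.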

Examples

  1. NaCl/libsodium's secretbox uses XSalsa20-Poly1305 as its default AEAD.

  2. Salsa20/12 was a final-portfolio entry of the eSTREAM competition.

Frequently asked questions

What is Salsa20?

A 256-bit-key stream cipher designed by Daniel J. Bernstein in 2005, selected by the eSTREAM portfolio and the direct ancestor of ChaCha20. It belongs to the Cryptography category of cybersecurity.

What does Salsa20 mean?

A 256-bit-key stream cipher designed by Daniel J. Bernstein in 2005, selected by the eSTREAM portfolio and the direct ancestor of ChaCha20.

How do you defend against Salsa20?

Defences for Salsa20 typically combine technical controls and operational practices, as detailed in the full definition above.
