Power analysis attacks on ARX: An application to Salsa20

In this paper, we analyze the vulnerability of Salsa20 stream cipher against power analysis attacks, especially against correlation power analysis (CPA), which is the strongest form of power analysis attacks. In recent literature, a rigorous study of optimal differential characteristics is presented, but an analysis of the resistance of the cipher against power analysis side-channel attacks remains absent. Our technique targets the three subrounds of the first round of Salsa20. The overall correlation based differential power analysis (DPA) has an attack complexity of 2¹⁹. From extensive experiments on a reduced area implementation of Salsa20, we demonstrate that two key words k₀, k₇ of a block in Salsa20 are extremely vulnerable to CPA while a combination of two key words k₂, k₄ produced a very low success rate of 0.2, which shows a high resilience against correlation-analysis DPA. This varying resilience of the key words towards correlation-analysis DPA has not been observed in any stream or block cipher in present literature, which makes the architecture of this stream cipher interesting from the side-channel analysis perspective.