Re: Funding to Attend SAM 06, LV, US

Now that you are here Dr DJB, Are there any proofs regarding Salsa20
security?
We are being taught Salsa20 and Trivium here in College of all the
proposals to eStream (Innovative Design I guess)? But when using
Salsa20 as a Low Level Crypto Primitive, could there not be any i/ps
for which a large part of the active bits cancel out? Logically I get
that the chances of this happening are too low to be significant, but
any proofs?
Also how does Salsa20 rate when in comes to more conventional measures
such as branch number and SAC? I folwed the discussion here at
Sci.crypt a year ago (Some heated exchanges :) ), but again no
conclusions.
The Salsa20 security and design documents are great to read, but not
very convincing!

I have not come accross any rlevant analysis of Salsa20 like structures
anywhere. If there are many, could you lease point me to some.
If no, do you plan to give any proofs regarding these in the near
future? If yes, plz do letme know.

Kind regards
Ashish Sharma
Received on Mon May 1 01:57:51 2006