Improved analysis for reduced round Salsa and Chacha

Salsa20 and ChaCha20 are two of the most promising ciphers in recent days. The most significant step in the cryptanalysis of Salsa and ChaCha is the idea of Probabilistic Neutral Bits, which was introduced by Aumasson et al. (FSE 2008). After that, no significant improvement is achieved in the procedure of choosing Probabilistic Neutral Bits. The works in this direction mostly were concerned about forward probabilities. In this paper, we give a new algorithm to construct Probabilistic Neutral Bits. We use this algorithm to improve the existing attacks for reduced rounds of both Salsa and ChaCha. Our attacks on Salsa and Chacha are respectively around 2.27 and 5.39 times faster than the existing works of Choudhuri and Maitra (accepted in FSE 2017).