Sum of two words

show

The addition of two 4byte words is denoted in the algorithm description as a + b. The result is divided modulo by 2^{32} (so, by the maximum value that can be stored in one word). 
The sum of two words a and b is equal to a+b mod 2^{32}. The result is a valid 4byte long word.
read more.. 

ExclusiveOr of two words

show

The ExclusiveOr of two 4byte words is denoted in the algorithm description as a XOR b. 
To perform XOR addition, two words are compared bit by bit, and XOR addition is performed for each pair. The result is also a valid proper 4byte long word.
read more.. 

Binary Left Rotation

show

The abit left rotation of a 4byte word w is denoted in the algorithm as w <<< a.
The leftmost a bits move to the rightmost positions.

A rotation of bits to the left w <<< a of a 4byte word w may be represented as the multiplication:
2^{a}·w mod(2^{32}1)
The result is a valid 4byte long word.
read more.. 

Quarterround Function

show

The Quarterround Function takes 4 words as input and returns another 4word sequence.

If x is a 4word input:
x = (x_{0}, x_{1}, x_{2}, x_{3})
then the function can be defined as follow:
quarterround(x) = (y_{0}, y_{1}, y_{2}, y_{3})
where:
y_{1} = x_{1} XOR ((x_{0} + x_{3}) <<< 7)
y_{2} = x_{2} XOR ((y_{1} + x_{0}) <<< 9)
y_{3} = x_{3} XOR ((y_{2} + y_{1}) <<< 13)
y_{0} = x_{0} XOR ((y_{3} + y_{2}) <<< 18)
The Quarterround Function can be performed in place, without the need of allocating any additional memory. First, x_{1} changes to y_{1}, then x_{2} changes to y_{2}, next x_{3} changes to y_{3}, then x_{0} changes to y_{0}. The Quarterround Function is invertible because all the modifications above are invertible.
read more.. 

Rowround Function

show

The Rowround Function takes 16 words as input, transforms them, and returns 16word sequence.

This function is very similar to the Columnround Function but it operates on the words in a different order.
If x is a 16word input:
x = (x_{0}, x_{1}, x_{2}, ..., x_{15})
then the function can be defined as follow:
rowround(x) = (y_{0}, y_{1}, y_{2}, ..., y_{15})
where:
(y_{0}, y_{1}, y_{2}, y_{3}) = quarterround(x_{0}, x_{1}, x_{2}, x_{3})
(y_{5}, y_{6}, y_{7}, y_{4}) = quarterround(x_{5}, x_{6}, x_{7}, x_{4})
(y_{10}, y_{11}, y_{8}, y_{9}) = quarterround(x_{10}, x_{11}, x_{8}, x_{9})
(y_{15}, y_{12}, y_{13}, y_{14}) = quarterround(x_{15}, x_{12}, x_{13}, x_{14})
The 16word input can be presented as a square matrix:
x_{0}  x_{1}  x_{2}  x_{3} 
x_{4}  x_{5}  x_{6}  x_{7} 
x_{8}  x_{9}  x_{10}  x_{11} 
x_{12}  x_{13}  x_{14}  x_{15} 
The rows in the matrix can be changed in parallel. Each of them is modified by the Quarterround Function.
In the first row, the words are changed in the following order:
 x_{1}
 x_{2}
 x_{3}
 x_{0}
In the second row, the words are changed in the following order:
 x_{6}
 x_{7}
 x_{4}
 x_{5}
In the third row, the words are modified in the order:
 x_{11}
 x_{8}
 x_{9}
 x_{10}
Finally, in the last, fourth row, the words are changed in the order:
 x_{12}
 x_{13}
 x_{14}
 x_{15}
read more.. 

Columnround Function

show

The Columnround Function takes 16 words as input and returns 16word sequence.

This function is very similar to the Rowround Function but operates on the words in different order.
If x is a 16word input:
x = (x_{0}, x_{1}, x_{2}, ..., x_{15})
then the function can be defined as follow:
columnround(x) = (y_{0}, y_{1}, y_{2}, ..., y_{15})
where:
(y_{0}, y_{4}, y_{8}, y_{12}) = quarterround(x_{0}, x_{4}, x_{8}, x_{12})
(y_{5}, y_{9}, y_{13}, y_{1}) = quarterround(x_{5}, x_{9}, x_{13}, x_{1})
(y_{10}, y_{14}, y_{2}, y_{6}) = quarterround(x_{10}, x_{14}, x_{2}, x_{6})
(y_{15}, y_{3}, y_{7}, y_{11}) = quarterround(x_{15}, x_{3}, x_{7}, x_{11})
The 16word input can be presented as a square matrix:
x_{0}  x_{1}  x_{2}  x_{3} 
x_{4}  x_{5}  x_{6}  x_{7} 
x_{8}  x_{9}  x_{10}  x_{11} 
x_{12}  x_{13}  x_{14}  x_{15} 
The columns in the matrix can be changed in parallel. Each of them is modified by the Quarterround Function.
In the first column, the words are changed in the following order:
 x_{4}
 x_{8}
 x_{12}
 x_{0}
In the second column, the words are modified in the following order:
 x_{9}
 x_{13}
 x_{1}
 x_{5}
In the third column, the words are changed in the order:
 x_{14}
 x_{2}
 x_{6}
 x_{10}
In the last fourth column, the words are modified in the order:
 x_{3}
 x_{7}
 x_{11}
 x_{15}
read more.. 

Doubleround Function

show

The Doubleround Function takes 16 words as input and returns 16word sequence.

If x is a 16word input, then the Doubleround Function can be defined as follow:
doubleround(x) = rowround(columnround(x))
read more.. 

Littleendian Function

show

The Littleendian Function changes the order of a 4byte sequence.

If b is a sequence of four bytes:
b = (b_{0}, b_{1}, b_{2}, b_{3})
then the function is defined as:
littleendian(b) = b_{0} + 2^{8}b_{1} + 2^{16}b_{2} + 2^{24}b_{3}
The Littleendian Function is invertible. It just simply changes the order of bytes in a word.
read more.. 

Salsa20 Hash Function

show

The Salsa20 Hash Function takes 64 bytes as input and returns a 64byte sequence.

First, the Hash Function creates 16 words from the received 64byte input. If input is a sequence of 64 bytes:
input =(b_{0}, b_{1}, b_{2}, ..., b_{63})
then 16 words are created as below:
w_{0} = littleendian(b_{0}, b_{1}, b_{2}, b_{3})
w_{1} = littleendian(b_{4}, b_{5}, b_{6}, b_{7})
[...]
w_{15} = littleendian(b_{60}, b_{61}, b_{62}, b_{63})
Then, all 16 words are modified by 10 iterations of the Doubleround Function:
(x_{0}, x_{1}, ..., x_{15}) = doubleround^{10}(w_{0}, w_{1}, ..., w_{15})
Finally, the 16 words received as input are added (as described above) to the modified 16 words and changed to 64 new bytes using the Littleendian Function. The bytes are output from the Salsa20 Hash Function:
output = littleendian^{1}(x_{0}+w_{0}) + littleendian^{1}(x_{1}+w_{1}) + ... + littleendian^{1}(x_{15}+w_{15})
read more.. 

Salsa20 Expansion Function

show

The Salsa20 Expansion Function takes two sequences of bytes. The first sequence can have either 16 or 32 bytes and the second sequence (n) is always 16byte long. The function returns another sequence of 64 bytes.

If the first sequence is 32bytes long, then it is divided into two shorter sequences of 16 bytes (k_{0} and k_{1}). The Salsa20 Expansion Function is defined by using the Salsa20 Hash Function, as shown below:
Salsa20Expansion_{k0, k1}(n) = Salsa20Hash(a_{0}, k_{0}, a_{1}, n, a_{2}, k_{1}, a_{3})
where:
a_{0} = (101, 120, 112, 97)
a_{1} = (110, 100, 32, 51)
a_{2} = (50, 45, 98, 121)
a_{3} = (116, 101, 32, 107)
If the first sequence is 16bytes long (k), then the Salsa20 Expansion Function is defined by using the Salsa20 Hash Function as below:
Salsa20Expansion_{k}(n) = Salsa20Hash(b_{0}, k, b_{1}, n, b_{2}, k, b_{3})
where:
b_{0} = (101, 120, 112, 97)
b_{1} = (110, 100, 32, 49)
b_{2} = (54, 45, 98, 121)
b_{3} = (116, 101, 32, 107)
The constant values of the vector (a_{0}, a_{1}, a_{2}, a_{3}) mean 'expand 32byte k' in ASCII code. Similarly, the constant values of the second vector (b_{0}, b_{1}, b_{2}, b_{3}) mean 'expand 16byte k' in ASCII.
read more.. 
