I'm currently a research scientist at Nexus.
I was most recently a postdoc at NTT Research and UC Berkeley, both hosted by Sanjam Garg prior to moving to Nexus. I was incredibly fortunate to be advised by Abhishek Jain during my time as a PhD student in the ARC group, at the Computer Science department in Johns Hopkins University. During my Ph.D., I spent the summer of 2018 working with Krzysztof Pietrzak at IST Austria, and the summer of 2019 working with Nir Bitansky at Tel Aviv University.
Prior to my Ph.D., I completed my master's degree in Computer Science at Indian Statistical Institute Kolkata, working with Subhamoy Maitra on some aspects of symmetric cryptography. At the time, I was hosted by Serge Vaudenay during the summer of 2015, where I worked with Divesh Aggarwal. My undergraduate degree was in Computer Science and Engineering from National Institute of Technology Karnataka, Surathkal.
I'm broadly interested in the various aspects of Cryptography, and some other aspects of theoretical computer science. Recently my research has focused on succinct cryptographic proofs.
In my relatively short time doing research, I've been very fortunate to have worked with an incredible set of people.
In this work, we study how changes in a single bit of the starting cipher state of Salsa and ChaCha propagate biases into other bits of the cipher state. While these biases dissipate in just a few rounds of these ciphers, we show that by carefully choosing a combination of bits from the state, one is able to see strong biases that had previously been missed. These biases are then exploited to show weaknesses in the reduced-round versions of Salsa and ChaCha, improving the best known key recovery attacks on 8 rounds of Salsa and 7 rounds of ChaCha, and for the first time providing practical attacks on 6 rounds of Salsa and 5 rounds of ChaCha. Our observations can be viewed through the lens of differential-linear cryptanalysis, and we present them as such in the paper.
In an attempt to provide greater conjectured security for Salsa and ChaCha, an unnecessarily high number of rounds is prescribed for these ciphers, sacrificing performance. Taking into account the existing differential attacks on reduced versions of Salsa and ChaCha, we propose a hybrid model, a simple tool to evaluate the security of ARX-based constructions. We show that, under certain assumptions, 12 rounds of Salsa and ChaCha can be considered sufficient instead of the 20 proposed in these standards.