I'm currently a postdoc at NTT Research, mentored by Sanjam Garg. I was most recently a postdoc at UC Berkeley prior to moving to NTT Research.
I was incredibly fortunate to be advised by Abhishek Jain during my time as a PhD student in the ARC group, at the Computer Science department in Johns Hopkins University. During my Ph.D., I spent the summer of 2018 working with Krzysztof Pietrzak at IST Austria, and the summer of 2019 working with Nir Bitansky at Tel Aviv University.
Prior to my Ph.D., I completed my master's degree in Computer Science at Indian Statistical Institute Kolkata, working with Subhamoy Maitra on some aspects of symmetric cryptography. At the time, I was hosted by Serge Vaudenay during the summer of 2015, where I worked with Divesh Aggarwal. My undergraduate degree was in Computer Science and Engineering from National Institute of Technology Karnataka, Surathkal.
My primary research interests lie in the various aspects of Cryptography, and some other aspects of theoretical computer science.
In my relatively short time doing research, I've been very fortunate to have worked with an incredible set of people.
In this work, we study how a change in a single bit of the starting cipher state of Salsa and ChaCha propagates biases to other bits of the cipher state. While these biases dissipate in just a few rounds of these ciphers, we show that by carefully choosing a combination of bits from the state, one is able to see strong biases that had previously been missed. These biases are then exploited to show weaknesses in the reduced-round versions of Salsa and ChaCha, improving the best known key recovery attacks on 8 rounds of Salsa and 7 rounds of ChaCha, and for the first time providing practical attacks on 6 rounds of Salsa and 5 rounds of ChaCha. Our observations can be viewed through the lens of differential-linear cryptanalysis, and we present them as such in the paper.
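As an added illustration (not code from the paper), the following Python sketch flips one bit of a ChaCha input state and measures how the difference spreads over reduced rounds, both as average difference weight and as the bias of the XOR of several chosen difference bits. The input and output bit positions, the trial counts, and the sign convention for the bias are assumptions chosen for illustration, not the positions reported in the paper.

```python
import random

MASK = 0xFFFFFFFF
COLUMNS = [(0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15)]
DIAGONALS = [(0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)]
CONSTANTS = [0x61707865, 0x3320646E, 0x79622D32, 0x6B206574]  # "expand 32-byte k"

def rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK
    s[d] = rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK
    s[b] = rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK
    s[d] = rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK
    s[b] = rotl(s[b] ^ s[c], 7)

def chacha_rounds(state, rounds):
    """Apply `rounds` ChaCha rounds (column, diagonal, column, ...), no feed-forward."""
    s = list(state)
    for r in range(rounds):
        for idx in (COLUMNS if r % 2 == 0 else DIAGONALS):
            quarter_round(s, *idx)
    return s

def output_differences(rounds, in_word, in_bit, trials, seed=1):
    """Yield the XOR difference of state pairs that start out differing in one bit."""
    rng = random.Random(seed)  # fixed seed: random key/counter/nonce words, repeatable
    for _ in range(trials):
        x = CONSTANTS + [rng.getrandbits(32) for _ in range(12)]
        y = list(x)
        y[in_word] ^= 1 << in_bit
        yield [p ^ q for p, q in zip(chacha_rounds(x, rounds), chacha_rounds(y, rounds))]

def mean_diff_weight(rounds, in_word, in_bit, trials=200):
    diffs = output_differences(rounds, in_word, in_bit, trials)
    return sum(bin(w).count("1") for d in diffs for w in d) / trials

def multibit_bias(rounds, in_word, in_bit, out_bits, trials=2000):
    """2*Pr[XOR of the chosen difference bits == 0] - 1 (sign convention assumed here)."""
    zero = 0
    for d in output_differences(rounds, in_word, in_bit, trials):
        parity = 0
        for w, b in out_bits:
            parity ^= (d[w] >> b) & 1
        zero += parity == 0
    return 2 * zero / trials - 1
```

Calling `multibit_bias` with a small `rounds` value and different `out_bits` lists shows how the measured bias depends on which difference bits are combined, while at the full 20 rounds it is indistinguishable from sampling noise.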
In an attempt to provide greater conjectured security for Salsa and ChaCha, an unnecessarily high number of rounds is prescribed for the ciphers, sacrificing performance. Taking into account the existing differential attacks on reduced versions of Salsa and ChaCha, we propose a hybrid model, a simple tool to evaluate the security of ARX-based constructions. We show that, under certain assumptions, only 12 rounds of Salsa and ChaCha can be considered sufficient instead of the 20 proposed in these standards.