Salsa20 Implementation in C#

Salsa20 is a stream cipher submitted to eSTREAM, the ECRYPT Stream Cipher Project, by Daniel Bernstein. (Salsa20/12, a version of the algorithm that uses fewer rounds, was one of four software implementations to be included in the final eSTREAM portfolio.) The algorithm can use either 128-bit or 256-bit keys, and is designed to be secure and efficient. For more information, see the Wikipedia article and the algorithm homepage.

There is a .NET port of this algorithm in the Bouncy Castle Crypto Library. Being a port from a Java library, however, that version doesn’t interoperate with the System.Security.Cryptography APIs.

The code attached to this post implements Salsa20 using a subclass of SymmetricAlgorithm (with the actual encryption class implementing ICryptoTransform), so it can be used with CryptoStream and other .NET cryptography classes.

The focus is not on efficiency (for that, one should probably use a hand-coded SSE2 implementation), but on being a straightforward port to C# from the reference implementation in C. There is also a suite of tests (that use the eSTREAM test vectors) to verify the correctness of the implementation.

Like the reference C implementation, this code is in the public domain. Download it here: Salsa20.cs, Salsa20Tests.cs.

Posted by Bradley Grainger on June 10, 2008