All Questions

8 votes
3 answers
5k views

Is the ChaCha20 block function reversible using known plaintext?

I've been recently implementing the chacha20 stream cipher with Poly1305. As the core operations which make up the Quarter Round of chacha20 (ARX - Addition Rotation Xor) are indeed reversible, does ...
Aravind A
  • 1,030
3 votes
1 answer
208 views

Determining strength of a crypto algorithm - clarification with the salsa paper

I am reading through the salsa family paper and on the second page DJB says this -- One can reasonably conjecture, for example, that every function that encrypts data in 0.5 Core-2 cycles/byte is ...
user220201
5 votes
0 answers
217 views

Can an analog of ChaCha with 64-bit words be defined, and would it be secure? [duplicate]

Blake2b has a lightning fast compression function with more-than-overkill security even against quantum attacks. It seems to be based on ChaCha, but with 64-bit words and different rotation constants....
Demi
  • 4,793
10 votes
1 answer
601 views

Why is the whole initial state used in the final addition of Salsa20 and ChaCha?

Both Salsa20 and ChaCha basically work like this: Put the key, the nonce, the sequence number and a constant into a 4x4 matrix of 32-bit words. Transform the matrix invertibly with a number of ARX ...
otus
  • 32.2k
9 votes
2 answers
5k views

Where are the ChaCha20 test vectors/examples?

I see in the Salsa20 specification there are test examples throughout the document to help an implementer make sure every function works as designed. Consequently the whole algorithm would work ...
Motox
  • 146
6 votes
1 answer
1k views

Extending key sizes in Salsa20 and ChaCha?

I've written implementations of Salsa20 and ChaCha that accept 384 and 448 bit keys. It was fairly trivial to implement, the 'sigma' constant is replaced with key material, and the counter, (which was ...
JGU
  • 317