All Questions

Tagged with
2 votes
1 answer
199 views

48-bit nonce reuse with ChaCha20

The situation: I have a group with 20 members, each member broadcasting 1 message per second. Communicating one on one is possible, but 1 message per member per second is the absolute limit and every ...
Florebol's user avatar
2 votes
1 answer
74 views

Choice of nonce for reproducible encryption

In my application I have an SQLite database that stores labels for images, like this: IMAGE ID LABEL 1 foo 1 bar 2 bar 3 foo The LABEL column is indexed as it is important that I can efficiently ...
AndreKR's user avatar
  • 173
0 votes
0 answers
441 views

Nonces in chacha20poly1305 vs chacha20

I'm currently working on replacing the chacha20 encryption in my app with chacha20poly1305, but I'm running into a few questions that I can't seem to find clear answers to, mainly stemming from the ...
Keegan Conlee's user avatar
1 vote
0 answers
290 views

Implement deterministic authenticated encryption using libsodium

Note: this is my first question on Stack Exchange, let me know if you miss some details to answer and I will edit the question accordingly. Context: I'm willing to create a git encryption tool (...
TychoTa's user avatar
  • 11
1 vote
1 answer
1k views

Is it safe to use many nonces for XChaCha20?

I have a very simple question. Since XChaCha20 nonces are 192-bit, there's technically no limitation to the max number of messages encrypted, since the chances of two random nonces being the same are ...
Evan Su's user avatar
  • 449
2 votes
2 answers
410 views

Can I use ChaCha20-Poly1305 as my KDF?

I have two devices that use a PSK. One is embedded and extremely resource confined. I'm already using ChaCha20-Poly1305 so it would be "free" to reuse this. There is no transport encryption ...
mint branch conditioner's user avatar
1 vote
1 answer
580 views

Can we encrypt part of the XChaCha/XSalsa nonce?

The xChaCha cipher detailed here extends the nonce to 192 bits and works as follows (from the link): Pass the key and the first 16 bytes of the 24-byte nonce to HChaCha20 to obtain the subkey. Use the ...
Modal Nest's user avatar
  • 1,453
2 votes
1 answer
1k views

Why is it secure to reuse key and nonce in ChaCha20-Poly1305 AEAD construction?

While looking at the ChaCha20 and Poly1305 AEAD construction as defined by RFC 8439, more precisely its use of the key and the nonce, I came up with the questions below. Maybe someone with some in-...
2 votes
1 answer
1k views

Is it safe to reuse the same nonce for decryption an indefinite amount of times in this context?

I'm creating a password management application and I'm considering using the following procedure to keep passwords safe: Asking the user for raw_password, for ...
Newbyte's user avatar
  • 427
2 votes
1 answer
500 views

If ChaCha20 is being used just as a CSPRNG, is nonce needed?

I'm planning to use ChaCha20 just as a CSPRNG. Key is random (taken from strong initial entropy source) and will be constantly replaced via DJB's fast key-erasure scheme. What should I use as the ...
R.. GitHub STOP HELPING ICE's user avatar
1 vote
1 answer
3k views

How to generate a nonce for ChaCha20 Poly1305?

I am using a self implementation of ChaCha20 with Poly1305. Since the nonce is only 96 bits it cannot be chosen at random. Can anyone suggest an efficient method to generate nonce from the key?
Aravind A's user avatar
  • 1,030
2 votes
1 answer
607 views

ChaCha20-Poly1305: Can my salt/pass for a KDF also be the nonce?

I have a PSK. I don't want to use it directly. I want to pass a "salt"/password into a KDF and get a new key for authenticated encryption with ChaCha20-Poly1305. I need to give the other side the ...
mint branch conditioner's user avatar
2 votes
1 answer
968 views

Chacha20 internal counter/position and nonce

I have to encrypt the communications between two devices. I was planning on using a timestamp (in seconds) and the serial number as the nonce. I know it's impossible for me to send more than 100 ...
Fran Lovera's user avatar
3 votes
1 answer
7k views

ChaCha20: is this a potentially safe way of using nonce derived from private key if the key/nonce pair is never reused, for a given plaintext?

Note: I realize in ChaCha20 the nonce should be random and unique each time follow certain constraints but am trying to determine whether there could be a safe way to use it just once if other ...
Steven Hatzakis's user avatar
2 votes
1 answer
2k views

Is it safe to send IV in plain text for every request?

Currently, I am creating a project with an IoT device. This is an offline device which shows a QR code which can be scanned by a mobile device, which sends this code to a server. The server handles ...