All Questions
33
questions
1
vote
1
answer
340
views
ChaCha20 as a block cipher
Would it be possible to use ChaCha20 as a block cipher? With the key, the entire block function can be reversed.
2
votes
1
answer
139
views
Recommended output filter for Rumba20 [closed]
Rumba20 is a compression function that maps a 192-byte (1536-bit) string to a 64-byte (512-bit) string. It's designed to provide collision resistance by using Salsa20 (or ChaCha20) with the ...
0
votes
1
answer
140
views
Various attacks on cipher-images & tools, especially stream-cipher?
What kind of attack of image encryption that exist out there, especially if the cipherimage was created using secure stream-cipher like Salsa20 (256 key) or ChaCha20 (256 key)?
From https://cr.yp.to/...
0
votes
1
answer
161
views
Can the security of Salsa20/Chacha20 be expanded to 448-bits if I fill the nonce and the Nothing-up-my-sleeve numbers with key material?
As I studied, Salsa20/Chacha20 is basically a hash function that accepts a 64-byte input and returns a output of the same size of input.
128-bits of the input are filled with four "Nothing-up-my-...
1
vote
1
answer
421
views
Does Salsa20/ChaCha20 still provide Integrity when Encrypt Bitmap?
Forgive me for this question. I have an idea to encrypt *.bmp bitmap files using ChaCha20/Salsa20 without Poly1305.
This is just a simple program, where I can encrypt *.bmp bitmap images, with the ...
2
votes
3
answers
465
views
Benchmark for CSPRNG as stream ciphers?
My limitation in my security protocol is that I want my RNG as CSPRNG and I also want it to be super fast.
If I use Salsa20 or ChaCha or AES counter mode, I don't get the desired speed. I want my PRNG ...
3
votes
0
answers
211
views
Does varying ChaCha rounds add any security?
This paper introduces 'Freestyle' a randomized, and variable round version of the ChaCha cipher. It uses the concept of hash based halting condition, where a decryption attempt with an incorrect key ...
3
votes
4
answers
2k
views
Is Salsa20+Poly1305 an AEAD?
I see Chacha20Poly1305, XsalsaPoly1305 and AES GCM usually used and mentioned in literature and implementations as AEAD cyphers. My question is that Poly1305 provides authentication and Salsa20 ...
3
votes
1
answer
5k
views
Is XChacha20 - Poly1305 Quantum resistant?
This is a question just out of curiosity, as I am a newbie to Post Quantum Cryptography. I have read several articles where they emphasize that current standardised symmetric encryption algorithms (...
18
votes
2
answers
4k
views
Where did ChaCha20 and Salsa20 stream ciphers get their names from?
This is not a question targeted at a specific crypto implementation, but a question out of curiosity. What's the reason for calling the stream ciphers ChaCha/Salsa?
I couldn't find any information ...
1
vote
1
answer
321
views
(Whitebox Crypto) Using ChaCha20, is it safe to reduce the nonce length in a single block cipher?
I am willing to write a Whitebox Crypto unit using ChaCha20 algorithm (Bernstein, D. 2008) for an input consisting of a single block. The fact it is going to be a single block cipher is of special ...
2
votes
1
answer
506
views
Related-key attacks against Salsa20 and ChaCha
From the Salsa20 security document, DJB states that he doesn't care about related key attacks:
The standard solutions to all the standard cryptographic problems—encryption, authentication, etc.—are ...
5
votes
1
answer
536
views
Fundamental difference between the constant, key, nonce, and counter bits in Salsa20/ChaCha20 or AES-Encrypt?
The Salsa20 core function takes a 128-bit constant, 256-bit key, 64-bit counter, and 64-bit nonce and produces a 512-bit value. Or more generically, it is a mapping from 512-bit values to 512-bit ...
5
votes
2
answers
554
views
Append data to authenticated ciphertext encrypted using a stream cipher
Say we have xSalsa20 authenticated using Poly1305. If $ X $ is the ciphertext, $N$ is the nonce value, and $H$ is the authentication tag such that the final ciphertext is $ N || X || H $, then given ...
3
votes
1
answer
2k
views
How resistant are stream ciphers like Salsa20 or ChaCha in a post-quantum world?
What kind of quantum computer would be required, if it is possible to break such ciphers?