Questions tagged [chacha]
ChaCha is a family of stream ciphers proposed by Daniel J. Bernstein, as an evolution of Salsa20 with (conjecturally) improved resistance to cryptanalysis.
179 questions
0 votes, 1 answer, 1k views
Security of ChaCha compared to AES and Serpent
I'm trying to understand how secure XChaCha20 is in comparison with other ciphers. From what I know, ChaCha is more secure than AES, but less secure than Serpent. My question is how much more "...
0 votes, 0 answers, 168 views
Is this a reasonable design for encrypting records in a key/value database?
A while back I designed a protocol for an encrypted key/value service. My main goal was to minimize the value of a breached database by using cryptographic algorithms where a brute-force cracking ...
2 votes, 2 answers, 410 views
Can I use ChaCha20-Poly1305 as my KDF?
I have two devices that use a PSK. One is embedded and extremely resource confined. I'm already using ChaCha20-Poly1305 so it would be "free" to reuse this. There is no transport encryption ...
1 vote, 0 answers, 417 views
Would a key recovery attack on ChaCha's keystream would be made more secure with an AONT?
To be clear I'm well aware that ChaCha doesn't need to be "improved". Also, I have no intentions or misguided ideas about trying to "improve" it. My question is hypothetical, and ...
2 votes, 0 answers, 165 views
How are ChaCha-based ARC4Random CSPRNGs initialized and reseeded?
I'm doing a spare-time project to collect cryptographic algorithms, implement them, and lastly benchmark them.
For the CSPRNG part, I'm evaluating NIST-SP-800-90Ar1 HMAC-DRBG and CTR-DRBG (Hash-DRBG ...
3 votes, 0 answers, 211 views
Does varying ChaCha rounds add any security?
This paper introduces 'Freestyle' a randomized, and variable round version of the ChaCha cipher. It uses the concept of hash based halting condition, where a decryption attempt with an incorrect key ...
1 vote, 1 answer, 580 views
Can we encrypt part of the XChaCha/XSalsa nonce?
The xChaCha cipher detailed here extends the nonce to 192 bits and works as follows (from the link):
Pass the key and the first 16 bytes of the 24-byte nonce to HChaCha20 to obtain the subkey.
Use the ...
2 votes, 1 answer, 586 views
How to increase Poly1305 performance?
I was analysing the Chacha20 algorithm and the Poly1305 MAC generation from RFC 7539.
It seems that the Chacha20 is quite faster compared to AES on CPUs without hardware support like AES-NI.
But ...
8 votes, 3 answers, 3k views
What should the nonce value be for client-side encryption?
I am using the following chacha20poly1305 Rust library to encrypt some data in a desktop application. The user provides the key, which never leaves their device, to locally encrypt some data, and then ...
1 vote, 1 answer, 219 views
Can repeatedly encrypting a message with a secure cipher ever produce the original input like what happens in ROT13?
Let's say we have a message 'm'.
We encrypt 'm' using a stream cipher or any other type of cipher with cryptographic security that produces an output equal in length to the length of 'm'.
Then if we ...
1 vote, 1 answer, 488 views
Is it okay to reuse a single symmetric key for a large volume of messages and HMACs, so long as "nonces" are randomly generated for both of them?
https://www.reddit.com/r/crypto/comments/fnku50/nonce_reuse_vs_iv_reuse/
Nonce reuse with the same key is catastrophic to security. The same premise holds for
initialization vectors. If the key ...
2 votes, 1 answer, 1k views
Why is it secure to reuse key and nonce in ChaCha20-Poly1305 AEAD construction?
While looking at the ChaCha20 and Poly1305 AEAD construction as defined by RFC 8439, more precisely its use of the key and the nonce, I came up with the questions below. Maybe someone with some in-...
0 votes, 1 answer, 213 views
Question about ChaCha20's security
I wonder the Stream Cipher ChaCha20 only changes 96 bits each block,
why it can produce 512 bits keystream block,
I mean in the concept of a random number generator,
the ...
2 votes, 1 answer, 1k views
Is it safe to reuse the same nonce for decryption an indefinite amount of times in this context?
I'm creating a password management application and I'm considering using the following procedure to keep passwords safe:
Asking the user for raw_password, for ...
3 votes, 4 answers, 2k views
Is Salsa20+Poly1305 an AEAD?
I see Chacha20Poly1305, XsalsaPoly1305 and AES GCM usually used and mentioned in literature and implementations as AEAD cyphers. My question is that Poly1305 provides authentication and Salsa20 ...