Questions tagged [chacha]
ChaCha is a family of stream ciphers proposed by Daniel J. Bernstein, as an evolution of Salsa20 with (conjecturally) improved resistance to cryptanalysis.
179
questions
2
votes
2
answers
109
views
Can you use ChaCha20 as one-time pad?
My knowledge of cryptography nothing beyond basic so I am by no means an expert, but I do know a bit of undergraduate mathematics including number theory.
I know that stream ciphers like ChaCha20 is ...
- 21
0
votes
0
answers
49
views
ChaCha20 1Gb encryption speed question
I wrote a simple implementation of ChaCha20 encryptor for files in C using MbedTLS implementation. The process of encryption is standard - I set key, then for each block of fixed size I generate new ...
- 1
1
vote
1
answer
340
views
ChaCha20 as a block cipher
Would it be possible to use ChaCha20 as a block cipher? With the key, the entire block function can be reversed.
- 13
1
vote
2
answers
156
views
Constant values of ChaCha20
Is it possible to change the constant values of ChaCha20?
and how it will affect the security of the cipher.
- 21
1
vote
0
answers
72
views
Extended-Chacha20
Research paper: "Extended-Chacha20 Stream Cipher With
Enhanced Quarter Round Function"
The initial matrix is 6x6, but what are the exact inputs for each index, in other words, how will you ...
- 21
1
vote
2
answers
316
views
Hamming Distance and Avalanche effect in Cryptography?
I am new to Cryptography and I know there are better ways to test a cipher's effectiveness out there but in this case I am trying to test a cryptographic algorithm's(AES,xchacha20,twofish) hamming ...
- 43
3
votes
1
answer
485
views
Is there any way to measure entropy of encryption algorithms in python?
I am new to cryptography and I am trying to find a way to measure ciphertext entropy of encryption algorithms such as AES, Chacha20, etc for a school project. Is there any way to do it on Python? I ...
- 43
2
votes
1
answer
244
views
Why doesn't ChaCha use a 512bit key and xor parameters into it?
ChaCha has clear delineations between key, nonce, counter and constants.
What is the reason for not using a XEX-like ($k=0$) approach such that the ChaCha key is 512 bits and all the other things are ...
2
votes
1
answer
199
views
48-bit nonce reuse with ChaCha20
The situation:
I have a group with 20 members, each member broadcasting 1 message per second. Communicating one on one is possible, but 1 message per member per second is the absolute limit and every ...
- 43
0
votes
1
answer
161
views
Chacha20 key/nonce/counter correct usage
Setting all 48 ChaCha state bytes (key, nonce, initial counter) from one result of strong hash function like sha3-384 or blake2b - correct usage? or bad practice?
PS: using original chacha20 (8bytes ...
0
votes
1
answer
360
views
ChaCha20-Poly1305 and AES-GCM-SIV output size
Background information:
I need to encrypt 168bit messages, the ciphertext should, preferably, match the plaintext size. Message Authentication and Integrity is not a must, but a really important ...
- 43
2
votes
1
answer
139
views
Recommended output filter for Rumba20 [closed]
Rumba20 is a compression function that maps a 192-byte (1536-bit) string to a 64-byte (512-bit) string. It's designed to provide collision resistance by using Salsa20 (or ChaCha20) with the ...
- 1,833
3
votes
2
answers
1k
views
Encrypting arbitrary large files in AEAD chunks - how to protect against chunk reordering?
I would like to encrypt big files using an authenticated cipher. I am convinced to use approach where file is divided into smaller manageable chunks that fit easily in memory (e.g. 1-10MB size) which ...
- 133
0
votes
1
answer
217
views
If ChaCha20 only has 128 bits, is it secure?
ChaCha20 also provides 256-bit encryption, i.e, 2^256 possibilities of keys. But ChaCha20 is very fast, I think it provides at most 2^256 multiplied by decrypting time. 256-bit AES provides 254-bit ...
- 361
2
votes
1
answer
74
views
Choice of nonce for reproducible encryption
In my application I have an SQLite database that stores labels for images, like this:
IMAGE ID
LABEL
1
foo
1
bar
2
bar
3
foo
The LABEL column is indexed as it is important that I can efficiently ...
- 173
2
votes
1
answer
267
views
Does triple ChaCha20 have 256-bit post-quantum security?
Experts suggested 3DES when AES wasn't developed yet, since meet-in-the-middle attack, they suggested triple DES. Grover's algorithm, a quantum algorithm, weakens symmetric encryptions, how about ...
- 361
1
vote
1
answer
330
views
Age: stream cipher with public key cryptography?
I have some rudimentary cryptography knowledge but am by no means an expert.
I generally understand stream ciphers, such as such as ChaCha20-Poly1305, to be symmetric. I am wondering how age (https://...
0
votes
1
answer
157
views
Do multiple keys mitigate Grover algorithm?
Grover, a quantum algorithm, weakens AES and ChaCha20. Is it possible to use multiple symmetric keys to encrypt a message multiple times to achieve 256-bit security for quantum computers?
- 361
1
vote
1
answer
502
views
XChaCha20-Poly1305 question about IV's
I've a question about XChaCha20-Poly1305, from a brute force perspective. Suppose we have the power to brute force crack it. If the IV is known to the attacker and it's only one file. The time needed ...
- 13
7
votes
2
answers
780
views
Fast cipher without needing hardware support (like ChaCha20) for disk encryption
On my old laptop, ChaCha20 is quite a bit faster than AES as there is no hardware acceleration for AES. But for disk encryption AES based schemes seem to be the only option, as a stream cipher like ...
- 233
2
votes
0
answers
343
views
Why is using ChaCha20 for disk encryption insecure?
https://en.wikipedia.org/wiki/Disk_encryption_theory
Why do we use XTS over CTR for disk encryption?
If we used ChaCha20 (without authentication) by simply encrypting each disk sector with the same ...
- 21
4
votes
0
answers
160
views
ChaCha-based Sponge PRNG fails PractRand suite
TL;DR: My simple ChaCha-based sponge PRNG is getting "unusual" evaluation from PractRand test battery pretty reliably, sometimes even within the first GB; I'm trying understand why.
I was in ...
- 149
1
vote
1
answer
1k
views
XChaCha20-Poly1305 vs Plain ChaCha20-Poly1305 performance
I know that the security of both are the same (only nonce size is different). But which one is faster and better to use, when encrypting a lot of files (500+, from 1MB to 200MB)?
- 25
1
vote
1
answer
140
views
Is it possible to extend CMAC for ChaCha
CMAC is defined for AES for authentication. My question is pretty simple: is it possible to extend CMAC for ChaCha? Does it even make sense? I cannot find anything related and I am wondering if I am ...
0
votes
1
answer
140
views
Various attacks on cipher-images & tools, especially stream-cipher?
What kind of attack of image encryption that exist out there, especially if the cipherimage was created using secure stream-cipher like Salsa20 (256 key) or ChaCha20 (256 key)?
From https://cr.yp.to/...
- 87
1
vote
1
answer
431
views
Dividing an encrypted file is secure against classical or quantum
I'm very new to cryptography and this may sound so foolish. Often I read quantum computers will brute force keys. Let's assume this is true (does it depend on key length? or on an algorithm? I don't ...
- 13
6
votes
1
answer
4k
views
is XChaCha20 stronger than ChaCha20?
Some of the encrypted messenger apps and password managers use extended version of Bernstein's ciphers and some of them not.
Viber-Salsa20
Wire-ChaCha20
Threema-XSalsa20
Sid-Salsa20
Nordpass-XChaCha20
...
- 61
1
vote
0
answers
215
views
Is ChaCha20 + HMAC(SHA3) output indistinguishable from randomness?
I was wondering, if the output of following type of ChaCha + HMAC scheme is indistinguishable from randomness:
...
0
votes
1
answer
165
views
ChaCha Single-Use RNG with All Zero Plaintext + Nonce
I am creating an internal application that will be used to generate and manage self-signed certificates and certificate authorities. Its primary use will be for generating certificates used in SSL ...
- 145
4
votes
0
answers
153
views
Why Block Ciphers
I fail to understand what block ciphers can do that stream ciphers cannot.
Also aren't they construct able from one another.
prg(stream cipher) -> prf -> prp(block cipher)
Any practical example ...
- 41