ChaCha 20 – Poly 1305
Introduction
• ChaCha20-Poly1305 is an Authenticated Encryption
mechanism which combines two primitives:
‣ ChaCha20 for Encryption
‣ Poly1305 for Authentication
• ChaCha20-Poly1305 uses a 64 byte symmetric key
• An input packet consists of a 4 byte Header encoding the length of the
packet, as well as a variable length payload (and a 16 byte MAC if
decrypting)
‣ Packet Length = Length of Header + Length of Payload + Length
of Message Authentication Code (MAC)
Operation
• A first instance of ChaCha20 is used to encrypt the Header using the
first 32 bytes of the key and an Initialization Vector as follows:
‣ Block Counter (BC) = 0s
‣ Nonce = Packet Sequence Number (PSN)
• A second instance is used to generate a key for Poly1305 by using the
last 32 bytes of the key, 0s as input and keeping the first 32 bytes of
output
• This second instance is then used with BC = 1 in Little Endian (LE)
and Nonce = PSN to encrypt the n-byte payload
• ChaCha20 will increment the BC internally, but the ChaCha20-Poly1305
implementation should manage the Nonce (i.e. increment the PSN for
every packet)
• Finally Poly1305 is used on the encrypted header and payload and a
MAC is calculated and appended to the output packet
• For decryption, decrypt the header to get the length then verify the
MAC and decrypt the rest of the packet (using the same procedure as
encryption) only if the MAC is valid
ChaCha 20
Introduction
• ChaCha 20 is a stream cipher developed by Daniel
Bernstein.
• It is a refinement of the Salsa 20 cipher.
• ChaCha 20 works on 4 byte words, takes 16 words of plaintext and
outputs 16 words of ciphertext.
• Operations detailed below are repeated for every 16 words (64 bytes)
of a packet
Operation
• A 16 word Input Matrix is formed as follows:
‣ 4 words of constant value
‣ 8 words of key
‣ 2 words of block counter (which is incremented by ChaCha 20
after each 20 rounds)
‣ 2 words of nonce (which should be managed outside of ChaCha
20)
• For every new 16 words of plaintext, 20 rounds are performed on the
original Input Matrix by alternating Column and Diagonal rounds.
• Each round performs 4 quarter rounds, each on 4 words (a, b, c, d), as follows:
‣ a += b; d ^= a; d <<<= 16;
‣ c += d; b ^= c; b <<<= 12;
‣ a += b; d ^= a; d <<<= 8;
‣ c += d; b ^= c; b <<<= 7;
• The output of the 20 rounds is added to the original input matrix
• This is written out in little endian form and XORed with the 16 words of
plaintext to produce 16 words of ciphertext.
• Decryption uses the same procedure as encryption
Poly 1305
Introduction
• Poly1305 is a Wegman-Carter, one-time authenticator
designed by D. J. Bernstein
• It is used to calculate a Message Authentication Code (MAC) for a
message
• Poly 1305 uses a 32 Byte key and operates on an N byte message
Operation
• The first 16 bytes of the one-time key are interpreted as a number _r_
with the following modifications:
‣ The top 4 bits of bytes 3, 7, 11, 15 are set to 0
‣ The bottom 2 bits of bytes 4, 8, 12 are set to 0
‣ The 16 bytes are interpreted as a little endian value
• The accumulator (Acc in the diagram) is set to 0
• For every n bytes read from the N byte message, if n = 16 then just
add a 17th byte having a value of 1 and the 17 bytes are treated as a
little endian number
• If n < 16 then pad with 0s until there are 16 bytes and add the 17th
byte as in the case when n = 16
• The number is then added to the accumulator, the sum is multiplied by
_r_, and the result is saved back to the accumulator
• Note: These operations are all mod 2^130 – 5
• Finally, the last 16 bytes of the key are interpreted as a little endian
number and this number is added to the accumulator mod 2^128
• The result is then written out as a little endian number and this is
taken as the 16 byte tag
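The packet procedure from the first slide, built on the ChaCha20 and Poly1305 steps described above, as an added example (not AdaLabs' or OpenSSH's code). Assumptions: the two 32-byte halves of the key are passed in separately as header_key and main_key, the PSN is used as the nonce in 8-byte big-endian form, the header holds the payload length as a big-endian 32-bit value, and a short final Poly1305 block is handled as in RFC 8439 (the 1 byte directly follows the n message bytes).

```python
import hmac
import struct

MASK32 = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # the 4 constant words
# Word indices of the 4 column quarter rounds, then the 4 diagonal ones.
QUARTER_ROUNDS = ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                  (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14))


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def _quarter_round(s, a, b, c, d):
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK32; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK32; s[b] = _rotl(s[b] ^ s[c], 7)


def chacha20_block(key, counter, nonce):
    """One 64-byte keystream block: 4 constant, 8 key, 2 counter, 2 nonce words."""
    init = list(SIGMA) + list(struct.unpack("<8I", key))
    init += [counter & MASK32, (counter >> 32) & MASK32]
    init += list(struct.unpack("<2I", nonce))
    s = init[:]
    for _ in range(10):  # 10 x (column round + diagonal round) = 20 rounds
        for a, b, c, d in QUARTER_ROUNDS:
            _quarter_round(s, a, b, c, d)
    return struct.pack("<16I", *((x + y) & MASK32 for x, y in zip(s, init)))


def chacha20_xor(key, counter, nonce, data):
    """Encrypt or decrypt: XOR data with keystream, one counter value per 64 bytes."""
    out = bytearray()
    for i in range(0, len(data), 64):
        keystream = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(x ^ k for x, k in zip(data[i:i + 64], keystream))
    return bytes(out)


def poly1305(key, msg):
    """16-byte tag over msg under a 32-byte one-time key."""
    p = (1 << 130) - 5
    r = int.from_bytes(key[:16], "little") & 0x0FFFFFFC0FFFFFFC0FFFFFFC0FFFFFFF
    acc = 0
    for i in range(0, len(msg), 16):
        # RFC 8439 rule: the extra 1 byte directly follows the n bytes of the chunk.
        n = int.from_bytes(msg[i:i + 16] + b"\x01", "little")
        acc = (acc + n) * r % p
    acc += int.from_bytes(key[16:], "little")
    return (acc & ((1 << 128) - 1)).to_bytes(16, "little")


def _poly_key(main_key, nonce):
    return chacha20_block(main_key, 0, nonce)[:32]  # keystream block 0 = encrypted 0s


def seal(header_key, main_key, psn, payload):
    nonce = struct.pack(">Q", psn)            # assumed encoding of the PSN
    header = struct.pack(">I", len(payload))  # assumed header content
    body = chacha20_xor(header_key, 0, nonce, header)
    body += chacha20_xor(main_key, 1, nonce, payload)
    return body + poly1305(_poly_key(main_key, nonce), body)


def open_packet(header_key, main_key, psn, packet):
    if len(packet) < 4 + 16:
        raise ValueError("truncated packet")
    nonce = struct.pack(">Q", psn)
    body, tag = packet[:-16], packet[-16:]
    # The decrypted length is not yet authenticated: only compare it to the buffer.
    (length,) = struct.unpack(">I", chacha20_xor(header_key, 0, nonce, body[:4]))
    if length != len(body) - 4:
        raise ValueError("length mismatch")
    expected = poly1305(_poly_key(main_key, nonce), body)
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("MAC check failed")
    return chacha20_xor(main_key, 1, nonce, body[4:])  # decrypt only after the MAC
```

The caller owns the PSN: reusing a PSN under the same key repeats both the keystream and the one-time Poly1305 key.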
Further Reading
• Blog of ChaCha20-Poly1305 Implementer (Damien Miller)
http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html
• ChaCha20-Poly1305 Draft at IETF
https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01
• ChaCha20-Poly1305 at OpenBSD
http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/PROTOCOL.chacha20poly1305?rev=HEAD;content-type=text/plain
• Salsa 20 Wikipedia Article
http://en.wikipedia.org/wiki/Salsa20
• ChaCha 20 Reference
http://cr.yp.to/chacha/chacha-20080128.pdf

ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers