Cryptography ‐ ChaCha20 Poly1305 - Arrbat/Veil-Forge GitHub Wiki
Introduction
Here it will be discussed what ChaCha20 - stream cipher is, why is Poly1305 and why it is great to use them both. Without basic knowledge of crypto and some math it is impossible to explain how it works, for anyone who wants to deeply understand applied cryptography I recommend this book:
A Graduate Course in Applied Cryptography
Dan Boneh and Victor Shoup
3.6 Case study: the Salsa and ChaCha PRGs
6. Message Integrity
Also very good article about both ChaCha20 and Poly1305, and combination of them
ChaCha20
ChaCha20 is a stream cipher developed by Daniel J. Bernstein, designed as an improvement over Salsa20. Both ciphers are built on the same family of pseudorandom functions but ChaCha introduces a better diffusion per round and is more resistant to cryptanalysis.
Visual representation of ChaCha’s internal structure:
where
- pad(s, j, n) function
- pi means permutation function
- used 64-bit counter and 64-bit nonce
or architecture representation:
Poly1305
Poly1305 is a one-time, fast Message Authentication Code (MAC) algorithm, also designed by Bernstein. It operates over a 128-bit prime field and provides data integrity by producing a 16-byte tag.
Architecture is below:
ChaCha20+Poly1305
When combined, ChaCha20 for encryption and Poly1305 for authentication, the result is a powerful authenticated encryption with associated data (AEAD). So we ensure that there are:
- Confidentiality
- Integrity
- authenticity
Overall combination implements idea Encrypt-then-MAC
(second line on the image), the process is following:
-
Encrypt the plaintext using ChaCha20.
-
MAC the ciphertext + AAD using Poly1305.
-
Output the ciphertext + authentication tag.
Project`s context
In this project, ChaCha20-Poly1305 is used to:
Encrypt the payload securely,
Authenticate the ciphertext and optional AAD,
Obfuscate the key and nonce values.
Also this combination is faster then some implementations where AES is main algorithm