
Additional notes

Peter edited this page May 28, 2020 · 9 revisions

Overview of interesting notes (this may come in handy).

Additional intel about ChaCha/Salsa ciphers

Under the hood, ChaCha20 is a 512-bit (64-byte block) hash function keyed with a 256-bit key (8 × 32-bit words), run in CTR mode to obtain a stream cipher. It is not a block cipher.

The core of the Salsa20 (and ChaCha) function is a hash function which maps 64 input bytes to a unique and irreversible 64-byte output keystream block. Its 64-bit block counter restricts the maximum number of blocks in the output keystream to 2^64 (i.e., a maximum keystream of 2^64 × 64 bytes = 2^70 bytes = 2^40 GB).

The core of Salsa20 is a very simple hash function designed to be fast and flexible for multiple constructions. Bernstein designed the stream cipher we all know on top of it, and also Rumba20, which is a more traditional collision-resistant cryptographic hash. Designing ciphers out of hash functions has been a research interest of Bernstein's since the 1990s, when hash functions were approved for export but ciphers were not.

How can ChaCha/Salsa exploit parallelism?

Because it is a stream cipher, the keystream for any block can be precomputed independently (each block differs only in its counter value). The ARX design (add, rotate, xor) vectorizes well with SSE/AVX/AVX2, and independent blocks can also be computed simultaneously on multiple CPU cores.

Random access

To get the part of the stream you want, you just generate the block you need (all blocks are computed the same way; only the counter changes), then XOR it with your data. There is no need to generate any of the previous blocks.

Initial counter

A 32-bit initial counter. This can be set to any number, but will usually be zero or one. It makes sense to use 1 if we use the zero block for something else, such as generating a one-time authenticator key as part of an AEAD algorithm.

AES and its S-boxes

> A further argument against S-box lookups is that, on most platforms, they are vulnerable to timing attacks. NIST’s statement to the contrary in [19, Section 3.6.2] (table lookup is “not vulnerable to timing attacks”) is erroneous. It is extremely difficult to work around this problem without sacrificing a tremendous amount of speed. (D. J. Bernstein)

Nice introduction to PQC (post-quantum cryptography) and quantum cryptography

https://www.isara.com/resources/what-is-quantum-safe.html
https://www.isara.com/blog-posts/qkd-qsc-becoming-quantum-ready.html
