[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Groups - Adding [X]Salsa20 and [X]Chacha20 to the Chacha20/Poly1305 proposal uploaded
Document Name: Adding [X]Salsa20 and [X]Chacha20 to the Chacha20/Poly1305 proposal Description [X]Salsa20, [X]Chacha20 are additions to the ChaCha20/Poly1305 proposal as posted by Chris Zimman on 20-July-2016, and accepted at 8th, August 2016. Salsa [1] (ESTREAM finalist) and Chacha [2] (CEASAR contestant) differ slightly in their round function and both are widely used. The X* versions differ in their handling of nonces. Added xchacha20, renamed chacha20 to chacha20_ietf, and added instead the original chacha20. These 3 mechanism only differ in their size and handling of their nonce. The original chacha20 is 64+64bits, the ietf version as originally called chacha20 in the adopted Zimman proposal) is 96+32 bits, and xchacha20 as introduced by libsodium is 128+64 bits. This has an impact on how safe random nonces are and how much data can be encrypted with one key/nonce pair. New CK_*CHACHA20*_PARAMS are introduced to handle these differences. Furthermore for completeness Salsa20/XSalsa20 has also been introduced, the two again only differing in their nonce size and use affecting the safety of random nonces. [1] https://cr.yp.to/snuffle.html [2] https://cr.yp.to/chacha.html Download Latest Revision Public Download Link Submitter: Stefan Marsiske Group: OASIS PKCS 11 TC Folder: Working Drafts Date submitted: 2017-12-19 06:07:23 |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]