OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

pkcs11 message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Groups - Adding [X]Salsa20 and [X]Chacha20 to the Chacha20/Poly1305 proposal uploaded


Document Name: Adding [X]Salsa20 and [X]Chacha20 to the Chacha20/Poly1305 proposal

Description
[X]Salsa20, [X]Chacha20 are additions to the ChaCha20/Poly1305 proposal
as posted by Chris Zimman on 20-July-2016, and accepted at 8th, August
2016. Salsa [1] (ESTREAM finalist) and Chacha [2] (CEASAR contestant)
differ slightly in their round function and both are widely used. The
X* versions differ in their handling of nonces.

Added xchacha20, renamed chacha20 to chacha20_ietf, and added instead
the original chacha20. These 3 mechanism only differ in their size and
handling of their nonce. The original chacha20 is 64+64bits, the ietf
version as originally called chacha20 in the adopted Zimman proposal)
is 96+32 bits, and xchacha20 as introduced by libsodium is 128+64
bits. This has an impact on how safe random nonces are and how much
data can be encrypted with one key/nonce pair. New
CK_*CHACHA20*_PARAMS are introduced to handle these differences.

Furthermore for completeness Salsa20/XSalsa20 has also been
introduced, the two again only differing in their nonce size and use
affecting the safety of random nonces.

[1] https://cr.yp.to/snuffle.html
[2] https://cr.yp.to/chacha.html
Download Latest Revision
Public Download Link

Submitter: Stefan Marsiske
Group: OASIS PKCS 11 TC
Folder: Working Drafts
Date submitted: 2017-12-19 06:07:23



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]