ChaCha20 and Poly1305 for IETF protocols
draft-irtf-cfrg-chacha20-poly1305-02
The information below is for an old version of the document |
Document |
Type |
|
Active Internet-Draft (cfrg RG)
|
|
Last updated |
|
2014-10-29
(latest revision 2014-10-17)
|
|
Replaces |
|
draft-nir-cfrg-chacha20-poly1305
|
|
Stream |
|
IRTF
|
|
Intended RFC status |
|
Informational
|
|
Formats |
|
plain text
pdf
html
bibtex
|
|
IETF conflict review |
|
conflict-review-irtf-cfrg-chacha20-poly1305 |
|
Additional URLs |
|
|
Stream |
IRTF state
|
|
Waiting for Document Shepherd
|
|
Consensus Boilerplate |
|
Yes
|
|
Document shepherd |
|
Alexey Melnikov
|
IESG |
IESG state |
|
I-D Exists
|
|
Telechat date |
|
|
|
Responsible AD |
|
(None)
|
|
Send notices to |
|
"Alexey Melnikov" <alexey.melnikov@isode.com>
|
Network Working Group Y. Nir
Internet-Draft Check Point
Intended status: Informational A. Langley
Expires: April 20, 2015 Google Inc
October 17, 2014
ChaCha20 and Poly1305 for IETF protocols
draft-irtf-cfrg-chacha20-poly1305-02
Abstract
This document defines the ChaCha20 stream cipher, as well as the use
of the Poly1305 authenticator, both as stand-alone algorithms, and as
a "combined mode", or Authenticated Encryption with Additional Data
(AEAD) algorithm.
This document does not introduce any new crypto, but is meant to
serve as a stable reference and an implementation guide.
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 20, 2015.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Nir & Langley Expires April 20, 2015 [Page 1]
Internet-Draft ChaCha20 & Poly1305 October 2014
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. Conventions Used in This Document . . . . . . . . . . . . 3
2. The Algorithms . . . . . . . . . . . . . . . . . . . . . . . . 4
2.1. The ChaCha Quarter Round . . . . . . . . . . . . . . . . . 4
2.1.1. Test Vector for the ChaCha Quarter Round . . . . . . . 4
2.2. A Quarter Round on the ChaCha State . . . . . . . . . . . 5
2.2.1. Test Vector for the Quarter Round on the ChaCha
state . . . . . . . . . . . . . . . . . . . . . . . . 5
2.3. The ChaCha20 block Function . . . . . . . . . . . . . . . 6
2.3.1. The ChaCha20 Block Function in Pseudo-Code . . . . . . 7
2.3.2. Test Vector for the ChaCha20 Block Function . . . . . 8
2.4. The ChaCha20 encryption algorithm . . . . . . . . . . . . 9
2.4.1. The ChaCha20 encryption algorithm in Pseudo-Code . . . 10
2.4.2. Example and Test Vector for the ChaCha20 Cipher . . . 10
2.5. The Poly1305 algorithm . . . . . . . . . . . . . . . . . . 12
2.5.1. The Poly1305 Algorithms in Pseudo-Code . . . . . . . . 14
2.5.2. Poly1305 Example and Test Vector . . . . . . . . . . . 14
2.6. Generating the Poly1305 key using ChaCha20 . . . . . . . . 15
2.6.1. Poly1305 Key Generation in Pseudo-Code . . . . . . . . 16
2.6.2. Poly1305 Key Generation Test Vector . . . . . . . . . 17
2.7. A Pseudo-Random Function for ChaCha/Poly-1305 based
Crypto Suites . . . . . . . . . . . . . . . . . . . . . . 17
2.8. AEAD Construction . . . . . . . . . . . . . . . . . . . . 18
2.8.1. Pseudo-Code for the AEAD Construction . . . . . . . . 19
2.8.2. Example and Test Vector for AEAD_CHACHA20-POLY1305 . . 20
3. Implementation Advice . . . . . . . . . . . . . . . . . . . . 22
4. Security Considerations . . . . . . . . . . . . . . . . . . . 23
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 24
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 24
7. Changes from Previous Versions . . . . . . . . . . . . . . . . 24
7.1. Changes from version -01 to version -02 . . . . . . . . . 24
7.2. Changes from version -00 to version -01 . . . . . . . . . 24
7.3. Changes from draft-nir-cfrg to draft-irtf-cfrg . . . . . . 25
8. References . . . . . . . . . . . . . . . . . . . . . . . . . . 25
8.1. Normative References . . . . . . . . . . . . . . . . . . . 25
8.2. Informative References . . . . . . . . . . . . . . . . . . 25
Appendix A. Additional Test Vectors . . . . . . . . . . . . . . . 26
A.1. The ChaCha20 Block Functions . . . . . . . . . . . . . . . 26
A.2. ChaCha20 Encryption . . . . . . . . . . . . . . . . . . . 29
Show full document text