ChaCha20 and Poly1305 for IETF protocols
draft-irtf-cfrg-chacha20-poly1305-03
Network Working Group Y. Nir
Internet-Draft Check Point
Intended status: Informational A. Langley
Expires: May 13, 2015 Google Inc
November 9, 2014
Abstract
This document defines the ChaCha20 stream cipher, as well as the use
of the Poly1305 authenticator, both as stand-alone algorithms, and as
a "combined mode", or Authenticated Encryption with Additional Data
(AEAD) algorithm.
This document does not introduce any new crypto, but is meant to
serve as a stable reference and an implementation guide. It is a
product of the Crypto Forum Research Group (CFRG).
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 13, 2015.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document.
Table of Contents
1. Introduction
1.1. Conventions Used in This Document
2. The Algorithms
2.1. The ChaCha Quarter Round
2.1.1. Test Vector for the ChaCha Quarter Round
2.2. A Quarter Round on the ChaCha State
2.2.1. Test Vector for the Quarter Round on the ChaCha state
2.3. The ChaCha20 block Function
2.3.1. The ChaCha20 Block Function in Pseudo-Code
2.3.2. Test Vector for the ChaCha20 Block Function
2.4. The ChaCha20 encryption algorithm
2.4.1. The ChaCha20 encryption algorithm in Pseudo-Code
2.4.2. Example and Test Vector for the ChaCha20 Cipher
2.5. The Poly1305 algorithm
2.5.1. The Poly1305 Algorithms in Pseudo-Code
2.5.2. Poly1305 Example and Test Vector
2.6. Generating the Poly1305 key using ChaCha20
2.6.1. Poly1305 Key Generation in Pseudo-Code
2.6.2. Poly1305 Key Generation Test Vector
2.7. A Pseudo-Random Function for ChaCha/Poly-1305 based Crypto Suites
2.8. AEAD Construction
2.8.1. Pseudo-Code for the AEAD Construction
2.8.2. Example and Test Vector for AEAD_CHACHA20-POLY1305
3. Implementation Advice
4. Security Considerations
5. IANA Considerations
6. Acknowledgements
7. Changes from Previous Versions
7.1. Changes from version -01 to version -02
7.2. Changes from version -00 to version -01
7.3. Changes from draft-nir-cfrg to draft-irtf-cfrg
8. References
8.1. Normative References
8.2. Informative References
Appendix A. Additional Test Vectors
A.1. The ChaCha20 Block Functions
A.2. ChaCha20 Encryption