ChaCha20 and Poly1305 for IETF protocols
draft-irtf-cfrg-chacha20-poly1305-03

The information below is for an old version of the document
Document Type Active Internet-Draft (cfrg RG)
Last updated 2014-11-09
Replaces draft-nir-cfrg-chacha20-poly1305
Stream IRTF
Intended RFC status Informational
Formats plain text pdf html bibtex
IETF conflict review conflict-review-irtf-cfrg-chacha20-poly1305
Additional URLs
- Mailing list discussion
Stream IRTF state Awaiting IRSG Reviews
Consensus Boilerplate Yes
Document shepherd Alexey Melnikov
IESG IESG state I-D Exists::AD Followup
Telechat date
Responsible AD (None)
Send notices to "Alexey Melnikov" <alexey.melnikov@isode.com>
Email authors Email RG IPR References Referenced by Nits 
Network Working Group                                             Y. Nir
Internet-Draft                                               Check Point
Intended status: Informational                                A. Langley
Expires: May 13, 2015                                         Google Inc
                                                        November 9, 2014

                ChaCha20 and Poly1305 for IETF protocols
                  draft-irtf-cfrg-chacha20-poly1305-03

Abstract

   This document defines the ChaCha20 stream cipher, as well as the use
   of the Poly1305 authenticator, both as stand-alone algorithms, and as
   a "combined mode", or Authenticated Encryption with Additional Data
   (AEAD) algorithm.

   This document does not introduce any new crypto, but is meant to
   serve as a stable reference and an implementation guide.  It is a
   product of the Crypto Forum Research Group (CFRG)

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on May 13, 2015.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents

Nir & Langley             Expires May 13, 2015                  [Page 1]
Internet-Draft             ChaCha20 & Poly1305             November 2014

   carefully, as they describe your rights and restrictions with respect
   to this document.

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
     1.1.  Conventions Used in This Document . . . . . . . . . . . .   3
   2.  The Algorithms  . . . . . . . . . . . . . . . . . . . . . . .   4
     2.1.  The ChaCha Quarter Round  . . . . . . . . . . . . . . . .   4
       2.1.1.  Test Vector for the ChaCha Quarter Round  . . . . . .   5
     2.2.  A Quarter Round on the ChaCha State . . . . . . . . . . .   5
       2.2.1.  Test Vector for the Quarter Round on the ChaCha state   5
     2.3.  The ChaCha20 block Function . . . . . . . . . . . . . . .   6
       2.3.1.  The ChaCha20 Block Function in Pseudo-Code  . . . . .   7
       2.3.2.  Test Vector for the ChaCha20 Block Function . . . . .   8
     2.4.  The ChaCha20 encryption algorithm . . . . . . . . . . . .   9
       2.4.1.  The ChaCha20 encryption algorithm in Pseudo-Code  . .  10
       2.4.2.  Example and Test Vector for the ChaCha20 Cipher . . .  10
     2.5.  The Poly1305 algorithm  . . . . . . . . . . . . . . . . .  12
       2.5.1.  The Poly1305 Algorithms in Pseudo-Code  . . . . . . .  14
       2.5.2.  Poly1305 Example and Test Vector  . . . . . . . . . .  14
     2.6.  Generating the Poly1305 key using ChaCha20  . . . . . . .  15
       2.6.1.  Poly1305 Key Generation in Pseudo-Code  . . . . . . .  16
       2.6.2.  Poly1305 Key Generation Test Vector . . . . . . . . .  17
     2.7.  A Pseudo-Random Function for ChaCha/Poly-1305 based
           Crypto Suites . . . . . . . . . . . . . . . . . . . . . .  17
     2.8.  AEAD Construction . . . . . . . . . . . . . . . . . . . .  18
       2.8.1.  Pseudo-Code for the AEAD Construction . . . . . . . .  20
       2.8.2.  Example and Test Vector for AEAD_CHACHA20-POLY1305  .  20
   3.  Implementation Advice . . . . . . . . . . . . . . . . . . . .  22
   4.  Security Considerations . . . . . . . . . . . . . . . . . . .  23
   5.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  24
   6.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . .  24
   7.  Changes from Previous Versions  . . . . . . . . . . . . . . .  24
     7.1.  Changes from version -01 to version -02 . . . . . . . . .  24
     7.2.  Changes from version -00 to version -01 . . . . . . . . .  24
     7.3.  Changes from draft-nir-cfrg to draft-irtf-cfrg  . . . . .  25
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .  25
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .  25
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  25
   Appendix A.  Additional Test Vectors  . . . . . . . . . . . . . .  26
     A.1.  The ChaCha20 Block Functions  . . . . . . . . . . . . . .  26
     A.2.  ChaCha20 Encryption . . . . . . . . . . . . . . . . . . .  29
Show full document text
ISOC IETF Trust RFC Editor IRTF IESG IETF IAB IASA & IAOC IETF Tools IANA