SlideShare a Scribd company logo

ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers

AdaLabs
AdaLabs

Chacha20Poly1305-Ada is a full Ada implementation of the Chacha20Poly1305 cypher (http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03)

Technology
1 of 4
Download to read offline
ChaCha 20 – Poly 1305 Introduction • ChaCha20-Poly1305 is an Authenticated Encryption mechanism which combines two primitives: ‣ ChaCha20 for Encryption ‣ Poly1305 for Authentication • ChaCha20-Poly1305 uses a 64 byte symmetric key • An input packet consists of a 4 byte Header encoding the length of the packet, as well as a variable length payload (and a 16 byte MAC if decrypting) ‣ Packet Length = Length of Header + Length of Payload + Length of Message Authentication Code (MAC) Operation • A first instance of ChaCha20 is used to encrypt the Header using the first 32 bytes of the key and an Initialization Vector as follows : ‣ Block Counter (BC) = 0s ‣ Nonce = Packet Sequence Number (PSN) • A second instance is used to generate a key for Poly1305 by using the last 32 bytes of the key, 0s as input and keeping the first 32 bytes of output • This second instance is then used with BC = 1 in Little Endian (LE) and Nonce = PSN to encrypt the n-byte payload • ChaCha20 will increment the BC internally but the ChaCha20- Poly1305 implementation should manage the Nonce (i.e Increment the PSN for every packet) • Finally Poly1305 is used on the encrypted header and payload and a MAC is calculated and appended to the output packet • For decryption, decrypt the header to get the length then verify the MAC and decrypt the rest of the packet (using the same procedure as encryption) only if the MAC is valid
ChaCha 20 Introduction • ChaCha 20 is a stream cipher developed by Daniel Bernstein. • It is a refinement of the Salsa 20 cipher. • ChaCha 20 works on 4 byte words, takes 16 words of plaintext and outputs 16 words of ciphertext. • Operations detailed below are repeated for every 16 words (64 bytes) of a packet Operation • A 16 word Input Matrix is formed as follows : ‣ 4 words of constant value ‣ 8 words of key ‣ 2 words of block counter (which is incremented by ChaCha 20 after each 20 rounds) ‣ 2 words of nonce (which should be managed outside of ChaCha 20) • For every new 16 words of plaintext, 20 rounds are performed on the original Input Matrix by alternating Column and Diagonal rounds. • Each round performs 4 quarter rounds on 4 words as follows: ‣ a += b; d ^= a; d <<<= 16; ‣ c += d; b ^= c; b <<<= 12; ‣ a += b; d ^= a; d <<<= 8; ‣ c += d; b ^= c; b <<<= 7; • The output of the 20 rounds is summed to the original input matrix • This is written out in little endian form and XORed to the 16 words of plaintext to produce 16 words of ciphertext. • Decryption uses the same procedure as encryption
Poly 1305 Introduction • Poly1305 is a Wegman-Carter, one-time authenticator designed by D. J. Bernstein • It is used to calculate a Message Authentication Code (MAC) for a message • Poly 1305 uses a 32 Byte key and operates on an N byte message Operation • The first 16 bytes of the one-time key are interpreted as a number _r_ with the following modifications: ‣ The top 4 bits of bytes 3, 7, 11, 15 are set to 0 ‣ The bottom 2 bits of bytes 4, 8, 12 are set to 0 ‣ The 16 bytes are interpreted as a little endian value • The accumulator (Acc in the diagram) is set to 0 • For every n bytes read from the N byte message, if n = 16 then just add a 17th byte having a value of 1 and the 17 bytes are treated as a little endian number • If n < 16 then pad with 0s until there are 16 bytes and add the 17th byte as in the case when n = 16 • The number is then added to the accumulator which is multiplied by _r_ and the result is saved back to the accumulator • Note : These operations are all mod 2^130 – 5 • Finally, the last 16 bytes of the key are interpreted as a little endian number and this number is added to the accumulator mod 2^128 • The result is then written out as a little endian number and this is taken as the 16 byte tag
Further Reading • Blog of ChaCha20-Poly1305 Implementer (Damien Miller) http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in- openssh.html • ChaCha20-Poly1305 Draft at IETF https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01 • ChaCha20-Poly1305 at OpenBSD http://www.openbsd.org/cgi- bin/cvsweb/src/usr.bin/ssh/PROTOCOL.chacha20poly1305? rev=HEAD;content-type=text/plain • Salsa 20 Wikepidia Article http://en.wikipedia.org/wiki/Salsa20 • ChaCha 20 Reference http://cr.yp.to/chacha/chacha-20080128.pdf

Recommended

CNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersCNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersSam Bowne
 
DES Cipher
DES CipherDES Cipher
DES CipherHardik Sondagar
 
Chacha ppt
Chacha pptChacha ppt
Chacha pptVikramSingh1378
 
CNIT 141: 2. Randomness
CNIT 141: 2. RandomnessCNIT 141: 2. Randomness
CNIT 141: 2. RandomnessSam Bowne
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
SHA-256.pptx
SHA-256.pptxSHA-256.pptx
SHA-256.pptxJadhavSujeet
 

Recommended

CNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersCNIT 141: 5. Stream Ciphers
CNIT 141: 5. Stream CiphersSam Bowne
 
DES Cipher
DES CipherDES Cipher
DES CipherHardik Sondagar
 
Chacha ppt
Chacha pptChacha ppt
Chacha pptVikramSingh1378
 
CNIT 141: 2. Randomness
CNIT 141: 2. RandomnessCNIT 141: 2. Randomness
CNIT 141: 2. RandomnessSam Bowne
 
2. Stream Ciphers
2. Stream Ciphers2. Stream Ciphers
2. Stream CiphersSam Bowne
 
CNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingCNIT 1417. Keyed Hashing
CNIT 1417. Keyed HashingSam Bowne
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
SHA-256.pptx
SHA-256.pptxSHA-256.pptx
SHA-256.pptxJadhavSujeet
 
CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionSam Bowne
 
A Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysA Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysInformation Security Awareness Group
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
Cryptographic hash function md5
Cryptographic hash function md5Cryptographic hash function md5
Cryptographic hash function md5Khulna University, Khulna, Bangladesh
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
DES-lecture (1).ppt
DES-lecture (1).pptDES-lecture (1).ppt
DES-lecture (1).pptMrsPrabhaBV
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryptionDR RICHMOND ADEBIAYE
 
AES Encryption
AES EncryptionAES Encryption
AES EncryptionRahul Marwaha
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportsakhi rehman
 
CNIT 141: 9. Hard Problems
CNIT 141: 9. Hard ProblemsCNIT 141: 9. Hard Problems
CNIT 141: 9. Hard ProblemsSam Bowne
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functionsMazin Alwaaly
 
Topic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptxTopic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptxUrjaDhabarde
 
SHA 1 Algorithm
SHA 1 AlgorithmSHA 1 Algorithm
SHA 1 AlgorithmShiva RamDam
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of OperationShafaan Khaliq Bhatti
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
Message digest 5
Message digest 5Message digest 5
Message digest 5Tirthika Bandi
 
Substitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSubstitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSunil Meena
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)SAurabh PRajapati
 
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaLabs
 
AdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs
 

More Related Content

What's hot

CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionSam Bowne
 
A Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysA Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysInformation Security Awareness Group
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMACKrishna Gehlot
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)amanchaurasia
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli
 
DES-lecture (1).ppt
DES-lecture (1).pptDES-lecture (1).ppt
DES-lecture (1).pptMrsPrabhaBV
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket LayerPina Parmar
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportsakhi rehman
 
CNIT 141: 9. Hard Problems
CNIT 141: 9. Hard ProblemsCNIT 141: 9. Hard Problems
CNIT 141: 9. Hard ProblemsSam Bowne
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functionsMazin Alwaaly
 
Topic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptxTopic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptxUrjaDhabarde
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne
 
Substitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSubstitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSunil Meena
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)SAurabh PRajapati
 

What's hot (20)

CNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated EncryptionCNIT 141 8. Authenticated Encryption
CNIT 141 8. Authenticated Encryption
 
A Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. HeysA Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
A Tutorial on Linear and Differential Cryptanalysis by Howard M. Heys
 
Message Authentication Code & HMAC
Message Authentication Code & HMACMessage Authentication Code & HMAC
Message Authentication Code & HMAC
 
Secure Socket Layer (SSL)
Secure Socket Layer (SSL)Secure Socket Layer (SSL)
Secure Socket Layer (SSL)
 
Cryptographic hash function md5
Cryptographic hash function md5Cryptographic hash function md5
Cryptographic hash function md5
 
symmetric key encryption algorithms
symmetric key encryption algorithms symmetric key encryption algorithms
symmetric key encryption algorithms
 
DES-lecture (1).ppt
DES-lecture (1).pptDES-lecture (1).ppt
DES-lecture (1).ppt
 
Secure Socket Layer
Secure Socket LayerSecure Socket Layer
Secure Socket Layer
 
Symmetric encryption
Symmetric encryptionSymmetric encryption
Symmetric encryption
 
AES Encryption
AES EncryptionAES Encryption
AES Encryption
 
Aes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_reportAes 128 192_256_bits_project_report
Aes 128 192_256_bits_project_report
 
CNIT 141: 9. Hard Problems
CNIT 141: 9. Hard ProblemsCNIT 141: 9. Hard Problems
CNIT 141: 9. Hard Problems
 
Information and data security cryptographic hash functions
Information and data security cryptographic hash functionsInformation and data security cryptographic hash functions
Information and data security cryptographic hash functions
 
Topic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptxTopic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptx
 
SHA 1 Algorithm
SHA 1 AlgorithmSHA 1 Algorithm
SHA 1 Algorithm
 
Block Ciphers Modes of Operation
Block Ciphers Modes of OperationBlock Ciphers Modes of Operation
Block Ciphers Modes of Operation
 
CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsCNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions
 
Message digest 5
Message digest 5Message digest 5
Message digest 5
 
Substitution cipher and Its Cryptanalysis
Substitution cipher and Its CryptanalysisSubstitution cipher and Its Cryptanalysis
Substitution cipher and Its Cryptanalysis
 
Idea(international data encryption algorithm)
Idea(international data encryption algorithm)Idea(international data encryption algorithm)
Idea(international data encryption algorithm)
 

Viewers also liked

AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaLabs
 
AdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs
 
Mauritius 2015/2016 Budget brief
Mauritius 2015/2016 Budget briefMauritius 2015/2016 Budget brief
Mauritius 2015/2016 Budget briefAdaLabs
 
Post processing for quantum key distribution
Post processing for quantum key distributionPost processing for quantum key distribution
Post processing for quantum key distributionwtyru1989
 
5 Cryptography Part2
5 Cryptography Part25 Cryptography Part2
5 Cryptography Part2Alfred Ouyang
 
Salsa Music Presentation
Salsa Music PresentationSalsa Music Presentation
Salsa Music PresentationKMartinez1117
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyMd. Afif Al Mamun
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographySukhdeep Kaur
 
The Fast Fourier Transform (FFT)
The Fast Fourier Transform (FFT)The Fast Fourier Transform (FFT)
The Fast Fourier Transform (FFT)Oka Danil
 
Introduction to MatLab programming
Introduction to MatLab programmingIntroduction to MatLab programming
Introduction to MatLab programmingDamian T. Gordon
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 

Viewers also liked (20)

AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
 
AdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on Rails
 
Salsa20
Salsa20Salsa20
Salsa20
 
Mauritius 2015/2016 Budget brief
Mauritius 2015/2016 Budget briefMauritius 2015/2016 Budget brief
Mauritius 2015/2016 Budget brief
 
Toeplitz (2)
Toeplitz (2)Toeplitz (2)
Toeplitz (2)
 
Post processing for quantum key distribution
Post processing for quantum key distributionPost processing for quantum key distribution
Post processing for quantum key distribution
 
Ch 30
Ch 30Ch 30
Ch 30
 
5 Cryptography Part2
5 Cryptography Part25 Cryptography Part2
5 Cryptography Part2
 
Salsa Music Presentation
Salsa Music PresentationSalsa Music Presentation
Salsa Music Presentation
 
Aes
AesAes
Aes
 
Dif fft
Dif fftDif fft
Dif fft
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptography
 
The Fast Fourier Transform (FFT)
The Fast Fourier Transform (FFT)The Fast Fourier Transform (FFT)
The Fast Fourier Transform (FFT)
 
Introduction to MatLab programming
Introduction to MatLab programmingIntroduction to MatLab programming
Introduction to MatLab programming
 
Cryptography
CryptographyCryptography
Cryptography
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 
A little ssl
A little sslA little ssl
A little ssl
 

Similar to ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers

Information and network security 20 data encryption standard des
Information and network security 20 data encryption standard desInformation and network security 20 data encryption standard des
Information and network security 20 data encryption standard desVaibhav Khanna
 
numbering system binary and decimal hex octal
numbering system binary and decimal hex octalnumbering system binary and decimal hex octal
numbering system binary and decimal hex octalnoor300491
 
Data Encryption Standards (1).pptx
Data Encryption Standards (1).pptxData Encryption Standards (1).pptx
Data Encryption Standards (1).pptxSanthosh Prabhu
 
Lecture 11 (dac and comparator) rv01
Lecture 11 (dac and comparator) rv01Lecture 11 (dac and comparator) rv01
Lecture 11 (dac and comparator) rv01cairo university
 
Bitwise Operations(1).pdf
Bitwise Operations(1).pdfBitwise Operations(1).pdf
Bitwise Operations(1).pdfDalvinCalvin
 
data representation
data representation data representation
data representationHaroon_007
 
Microprocessor lab
Microprocessor labMicroprocessor lab
Microprocessor labKD030303
 
Eshcol tech solutions pvt ltd
Eshcol tech solutions pvt ltdEshcol tech solutions pvt ltd
Eshcol tech solutions pvt ltdOjas Kumar
 

Similar to ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers (20)

Information and network security 20 data encryption standard des
Information and network security 20 data encryption standard desInformation and network security 20 data encryption standard des
Information and network security 20 data encryption standard des
 
numbering system binary and decimal hex octal
numbering system binary and decimal hex octalnumbering system binary and decimal hex octal
numbering system binary and decimal hex octal
 
Number Systems - AK.pptx
Number Systems - AK.pptxNumber Systems - AK.pptx
Number Systems - AK.pptx
 
Data Encryption Standards (1).pptx
Data Encryption Standards (1).pptxData Encryption Standards (1).pptx
Data Encryption Standards (1).pptx
 
12117188.ppt
12117188.ppt12117188.ppt
12117188.ppt
 
12117188.ppt
12117188.ppt12117188.ppt
12117188.ppt
 
Lecture 11 (dac and comparator) rv01
Lecture 11 (dac and comparator) rv01Lecture 11 (dac and comparator) rv01
Lecture 11 (dac and comparator) rv01
 
chap3.pdf
chap3.pdfchap3.pdf
chap3.pdf
 
Bitwise Operations(1).pdf
Bitwise Operations(1).pdfBitwise Operations(1).pdf
Bitwise Operations(1).pdf
 
data representation
data representation data representation
data representation
 
Microprocessor lab
Microprocessor labMicroprocessor lab
Microprocessor lab
 
3-Block Ciphers and DES.pdf
3-Block Ciphers and DES.pdf3-Block Ciphers and DES.pdf
3-Block Ciphers and DES.pdf
 
Fast and Easy Subnetting
Fast and Easy SubnettingFast and Easy Subnetting
Fast and Easy Subnetting
 
Aes algorithm notes
Aes algorithm notesAes algorithm notes
Aes algorithm notes
 
SHA512.pptx
SHA512.pptxSHA512.pptx
SHA512.pptx
 
IDEA.ppt
IDEA.pptIDEA.ppt
IDEA.ppt
 
Eshcol tech solutions pvt ltd
Eshcol tech solutions pvt ltdEshcol tech solutions pvt ltd
Eshcol tech solutions pvt ltd
 
Olumide pidan b
Olumide pidan bOlumide pidan b
Olumide pidan b
 
Number System
Number SystemNumber System
Number System
 
cache memory
cache memorycache memory
cache memory
 

Recently uploaded

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 

Recently uploaded (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers

  • 1. ChaCha 20 – Poly 1305 Introduction • ChaCha20-Poly1305 is an Authenticated Encryption mechanism which combines two primitives: ‣ ChaCha20 for Encryption ‣ Poly1305 for Authentication • ChaCha20-Poly1305 uses a 64 byte symmetric key • An input packet consists of a 4 byte Header encoding the length of the packet, as well as a variable length payload (and a 16 byte MAC if decrypting) ‣ Packet Length = Length of Header + Length of Payload + Length of Message Authentication Code (MAC) Operation • A first instance of ChaCha20 is used to encrypt the Header using the first 32 bytes of the key and an Initialization Vector as follows : ‣ Block Counter (BC) = 0s ‣ Nonce = Packet Sequence Number (PSN) • A second instance is used to generate a key for Poly1305 by using the last 32 bytes of the key, 0s as input and keeping the first 32 bytes of output • This second instance is then used with BC = 1 in Little Endian (LE) and Nonce = PSN to encrypt the n-byte payload • ChaCha20 will increment the BC internally but the ChaCha20- Poly1305 implementation should manage the Nonce (i.e Increment the PSN for every packet) • Finally Poly1305 is used on the encrypted header and payload and a MAC is calculated and appended to the output packet • For decryption, decrypt the header to get the length then verify the MAC and decrypt the rest of the packet (using the same procedure as encryption) only if the MAC is valid
  • 2. ChaCha 20 Introduction • ChaCha 20 is a stream cipher developed by Daniel Bernstein. • It is a refinement of the Salsa 20 cipher. • ChaCha 20 works on 4 byte words, takes 16 words of plaintext and outputs 16 words of ciphertext. • Operations detailed below are repeated for every 16 words (64 bytes) of a packet Operation • A 16 word Input Matrix is formed as follows : ‣ 4 words of constant value ‣ 8 words of key ‣ 2 words of block counter (which is incremented by ChaCha 20 after each 20 rounds) ‣ 2 words of nonce (which should be managed outside of ChaCha 20) • For every new 16 words of plaintext, 20 rounds are performed on the original Input Matrix by alternating Column and Diagonal rounds. • Each round performs 4 quarter rounds on 4 words as follows: ‣ a += b; d ^= a; d <<<= 16; ‣ c += d; b ^= c; b <<<= 12; ‣ a += b; d ^= a; d <<<= 8; ‣ c += d; b ^= c; b <<<= 7; • The output of the 20 rounds is summed to the original input matrix • This is written out in little endian form and XORed to the 16 words of plaintext to produce 16 words of ciphertext. • Decryption uses the same procedure as encryption
  • 3. Poly 1305 Introduction • Poly1305 is a Wegman-Carter, one-time authenticator designed by D. J. Bernstein • It is used to calculate a Message Authentication Code (MAC) for a message • Poly 1305 uses a 32 Byte key and operates on an N byte message Operation • The first 16 bytes of the one-time key are interpreted as a number _r_ with the following modifications: ‣ The top 4 bits of bytes 3, 7, 11, 15 are set to 0 ‣ The bottom 2 bits of bytes 4, 8, 12 are set to 0 ‣ The 16 bytes are interpreted as a little endian value • The accumulator (Acc in the diagram) is set to 0 • For every n bytes read from the N byte message, if n = 16 then just add a 17th byte having a value of 1 and the 17 bytes are treated as a little endian number • If n < 16 then pad with 0s until there are 16 bytes and add the 17th byte as in the case when n = 16 • The number is then added to the accumulator which is multiplied by _r_ and the result is saved back to the accumulator • Note : These operations are all mod 2^130 – 5 • Finally, the last 16 bytes of the key are interpreted as a little endian number and this number is added to the accumulator mod 2^128 • The result is then written out as a little endian number and this is taken as the 16 byte tag
  • 4. Further Reading • Blog of ChaCha20-Poly1305 Implementer (Damien Miller) http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in- openssh.html • ChaCha20-Poly1305 Draft at IETF https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01 • ChaCha20-Poly1305 at OpenBSD http://www.openbsd.org/cgi- bin/cvsweb/src/usr.bin/ssh/PROTOCOL.chacha20poly1305? rev=HEAD;content-type=text/plain • Salsa 20 Wikepidia Article http://en.wikipedia.org/wiki/Salsa20 • ChaCha 20 Reference http://cr.yp.to/chacha/chacha-20080128.pdf