SlideShare a Scribd company logo

ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers

AdaLabs
AdaLabs

Chacha20Poly1305-Ada is a full Ada implementation of the Chacha20Poly1305 cypher (http://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-03)

Technology
1 of 4
Download to read offline
ChaCha 20 – Poly 1305 Introduction • ChaCha20-Poly1305 is an Authenticated Encryption mechanism which combines two primitives: ‣ ChaCha20 for Encryption ‣ Poly1305 for Authentication • ChaCha20-Poly1305 uses a 64 byte symmetric key • An input packet consists of a 4 byte Header encoding the length of the packet, as well as a variable length payload (and a 16 byte MAC if decrypting) ‣ Packet Length = Length of Header + Length of Payload + Length of Message Authentication Code (MAC) Operation • A first instance of ChaCha20 is used to encrypt the Header using the first 32 bytes of the key and an Initialization Vector as follows : ‣ Block Counter (BC) = 0s ‣ Nonce = Packet Sequence Number (PSN) • A second instance is used to generate a key for Poly1305 by using the last 32 bytes of the key, 0s as input and keeping the first 32 bytes of output • This second instance is then used with BC = 1 in Little Endian (LE) and Nonce = PSN to encrypt the n-byte payload • ChaCha20 will increment the BC internally but the ChaCha20- Poly1305 implementation should manage the Nonce (i.e Increment the PSN for every packet) • Finally Poly1305 is used on the encrypted header and payload and a MAC is calculated and appended to the output packet • For decryption, decrypt the header to get the length then verify the MAC and decrypt the rest of the packet (using the same procedure as encryption) only if the MAC is valid
ChaCha 20 Introduction • ChaCha 20 is a stream cipher developed by Daniel Bernstein. • It is a refinement of the Salsa 20 cipher. • ChaCha 20 works on 4 byte words, takes 16 words of plaintext and outputs 16 words of ciphertext. • Operations detailed below are repeated for every 16 words (64 bytes) of a packet Operation • A 16 word Input Matrix is formed as follows : ‣ 4 words of constant value ‣ 8 words of key ‣ 2 words of block counter (which is incremented by ChaCha 20 after each 20 rounds) ‣ 2 words of nonce (which should be managed outside of ChaCha 20) • For every new 16 words of plaintext, 20 rounds are performed on the original Input Matrix by alternating Column and Diagonal rounds. • Each round performs 4 quarter rounds on 4 words as follows: ‣ a += b; d ^= a; d <<<= 16; ‣ c += d; b ^= c; b <<<= 12; ‣ a += b; d ^= a; d <<<= 8; ‣ c += d; b ^= c; b <<<= 7; • The output of the 20 rounds is summed to the original input matrix • This is written out in little endian form and XORed to the 16 words of plaintext to produce 16 words of ciphertext. • Decryption uses the same procedure as encryption
Poly 1305 Introduction • Poly1305 is a Wegman-Carter, one-time authenticator designed by D. J. Bernstein • It is used to calculate a Message Authentication Code (MAC) for a message • Poly 1305 uses a 32 Byte key and operates on an N byte message Operation • The first 16 bytes of the one-time key are interpreted as a number _r_ with the following modifications: ‣ The top 4 bits of bytes 3, 7, 11, 15 are set to 0 ‣ The bottom 2 bits of bytes 4, 8, 12 are set to 0 ‣ The 16 bytes are interpreted as a little endian value • The accumulator (Acc in the diagram) is set to 0 • For every n bytes read from the N byte message, if n = 16 then just add a 17th byte having a value of 1 and the 17 bytes are treated as a little endian number • If n < 16 then pad with 0s until there are 16 bytes and add the 17th byte as in the case when n = 16 • The number is then added to the accumulator which is multiplied by _r_ and the result is saved back to the accumulator • Note : These operations are all mod 2^130 – 5 • Finally, the last 16 bytes of the key are interpreted as a little endian number and this number is added to the accumulator mod 2^128 • The result is then written out as a little endian number and this is taken as the 16 byte tag
Further Reading • Blog of ChaCha20-Poly1305 Implementer (Damien Miller) http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in- openssh.html • ChaCha20-Poly1305 Draft at IETF https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01 • ChaCha20-Poly1305 at OpenBSD http://www.openbsd.org/cgi- bin/cvsweb/src/usr.bin/ssh/PROTOCOL.chacha20poly1305? rev=HEAD;content-type=text/plain • Salsa 20 Wikepidia Article http://en.wikipedia.org/wiki/Salsa20 • ChaCha 20 Reference http://cr.yp.to/chacha/chacha-20080128.pdf

Recommended

quantum cryptography
quantum cryptographyquantum cryptography
quantum cryptographyvignans institute for management and technology for women
 
Block ciphers &amp; public key cryptography
Block ciphers &amp; public key cryptographyBlock ciphers &amp; public key cryptography
Block ciphers &amp; public key cryptographyRAMPRAKASHT1
 
9. data link layer error correction codes - hamming code
9. data link layer error correction codes - hamming code9. data link layer error correction codes - hamming code
9. data link layer error correction codes - hamming codeJAIGANESH SEKAR
 
Quantum Cryptography
Quantum CryptographyQuantum Cryptography
Quantum Cryptographysahilnarvekar
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographyNishant Bhardwaj
 
Quantum Cryptography
Quantum CryptographyQuantum Cryptography
Quantum Cryptographypixiejen
 
Technique de Cryptographie AES, DES et RSA
Technique de Cryptographie AES, DES et RSATechnique de Cryptographie AES, DES et RSA
Technique de Cryptographie AES, DES et RSAHouda Elmoutaoukil
 
2 Unit 1. Traditional Symmetric Ciphers.pdf
2 Unit 1. Traditional Symmetric Ciphers.pdf2 Unit 1. Traditional Symmetric Ciphers.pdf
2 Unit 1. Traditional Symmetric Ciphers.pdfNandiniLokanath1
 

Recommended

quantum cryptography
quantum cryptographyquantum cryptography
quantum cryptographyvignans institute for management and technology for women
 
Block ciphers &amp; public key cryptography
Block ciphers &amp; public key cryptographyBlock ciphers &amp; public key cryptography
Block ciphers &amp; public key cryptographyRAMPRAKASHT1
 
9. data link layer error correction codes - hamming code
9. data link layer error correction codes - hamming code9. data link layer error correction codes - hamming code
9. data link layer error correction codes - hamming codeJAIGANESH SEKAR
 
Quantum Cryptography
Quantum CryptographyQuantum Cryptography
Quantum Cryptographysahilnarvekar
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographyNishant Bhardwaj
 
Quantum Cryptography
Quantum CryptographyQuantum Cryptography
Quantum Cryptographypixiejen
 
Technique de Cryptographie AES, DES et RSA
Technique de Cryptographie AES, DES et RSATechnique de Cryptographie AES, DES et RSA
Technique de Cryptographie AES, DES et RSAHouda Elmoutaoukil
 
2 Unit 1. Traditional Symmetric Ciphers.pdf
2 Unit 1. Traditional Symmetric Ciphers.pdf2 Unit 1. Traditional Symmetric Ciphers.pdf
2 Unit 1. Traditional Symmetric Ciphers.pdfNandiniLokanath1
 
Chacha ppt
Chacha pptChacha ppt
Chacha pptVikramSingh1378
 
One-Time Pad Encryption
One-Time Pad EncryptionOne-Time Pad Encryption
One-Time Pad EncryptionCharles Southerland
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithmBob Landstrom
 
Digital Signature Standard
Digital Signature StandardDigital Signature Standard
Digital Signature StandardSou Jana
 
8085 instruction set and Programming
8085 instruction set and Programming 8085 instruction set and Programming
8085 instruction set and Programming pooja saini
 
Introduction to Data-Link Layer
Introduction to Data-Link LayerIntroduction to Data-Link Layer
Introduction to Data-Link LayerAbdullaziz Tagawy
 
CNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionCNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionSam Bowne
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographyNishant Bhardwaj
 
One Time Pad Encryption Technique
One Time Pad Encryption TechniqueOne Time Pad Encryption Technique
One Time Pad Encryption TechniqueJohn Adams
 
Quantum cryptography a modern cryptographic security
Quantum cryptography a modern cryptographic securityQuantum cryptography a modern cryptographic security
Quantum cryptography a modern cryptographic securityKamal Diwakar
 
I pv6 addressing-rg-animated
I pv6 addressing-rg-animatedI pv6 addressing-rg-animated
I pv6 addressing-rg-animatedmasbangkit
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmVittorio Giovara
 
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessBasic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessHarris Andrea
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesJanani S
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)Netwax Lab
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained. Ajay Gupta
 
SHA512.pptx
SHA512.pptxSHA512.pptx
SHA512.pptxssuserb4287c
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaLabs
 
AdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs
 

More Related Content

What's hot

The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithmBob Landstrom
 
Digital Signature Standard
Digital Signature StandardDigital Signature Standard
Digital Signature StandardSou Jana
 
8085 instruction set and Programming
8085 instruction set and Programming 8085 instruction set and Programming
8085 instruction set and Programming pooja saini
 
Introduction to Data-Link Layer
Introduction to Data-Link LayerIntroduction to Data-Link Layer
Introduction to Data-Link LayerAbdullaziz Tagawy
 
CNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionCNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionSam Bowne
 
One Time Pad Encryption Technique
One Time Pad Encryption TechniqueOne Time Pad Encryption Technique
One Time Pad Encryption TechniqueJohn Adams
 
Quantum cryptography a modern cryptographic security
Quantum cryptography a modern cryptographic securityQuantum cryptography a modern cryptographic security
Quantum cryptography a modern cryptographic securityKamal Diwakar
 
I pv6 addressing-rg-animated
I pv6 addressing-rg-animatedI pv6 addressing-rg-animated
I pv6 addressing-rg-animatedmasbangkit
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit vArthyR3
 
Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmVittorio Giovara
 
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessBasic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessHarris Andrea
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniquesJanani S
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithmSunita Kharayat
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)Netwax Lab
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained. Ajay Gupta
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms WorkCheapSSLsecurity
 

What's hot (20)

Chacha ppt
Chacha pptChacha ppt
Chacha ppt
 
One-Time Pad Encryption
One-Time Pad EncryptionOne-Time Pad Encryption
One-Time Pad Encryption
 
The MD5 hashing algorithm
The MD5 hashing algorithmThe MD5 hashing algorithm
The MD5 hashing algorithm
 
Digital Signature Standard
Digital Signature StandardDigital Signature Standard
Digital Signature Standard
 
8085 instruction set and Programming
8085 instruction set and Programming 8085 instruction set and Programming
8085 instruction set and Programming
 
Introduction to Data-Link Layer
Introduction to Data-Link LayerIntroduction to Data-Link Layer
Introduction to Data-Link Layer
 
CNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated EncryptionCNIT 141: 8. Authenticated Encryption
CNIT 141: 8. Authenticated Encryption
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptography
 
One Time Pad Encryption Technique
One Time Pad Encryption TechniqueOne Time Pad Encryption Technique
One Time Pad Encryption Technique
 
Quantum cryptography a modern cryptographic security
Quantum cryptography a modern cryptographic securityQuantum cryptography a modern cryptographic security
Quantum cryptography a modern cryptographic security
 
I pv6 addressing-rg-animated
I pv6 addressing-rg-animatedI pv6 addressing-rg-animated
I pv6 addressing-rg-animated
 
Cs8792 cns - unit v
Cs8792 cns - unit vCs8792 cns - unit v
Cs8792 cns - unit v
 
Authenticated Encryption Gcm Ccm
Authenticated Encryption Gcm CcmAuthenticated Encryption Gcm Ccm
Authenticated Encryption Gcm Ccm
 
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessBasic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet Access
 
Classical encryption techniques
Classical encryption techniquesClassical encryption techniques
Classical encryption techniques
 
Diffie hellman key exchange algorithm
Diffie hellman key exchange algorithmDiffie hellman key exchange algorithm
Diffie hellman key exchange algorithm
 
GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)GLBP (gateway load balancing protocol)
GLBP (gateway load balancing protocol)
 
802.11r Explained.
802.11r Explained. 802.11r Explained.
802.11r Explained.
 
SHA512.pptx
SHA512.pptxSHA512.pptx
SHA512.pptx
 
How Hashing Algorithms Work
How Hashing Algorithms WorkHow Hashing Algorithms Work
How Hashing Algorithms Work
 

Viewers also liked

AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaLabs
 
AdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs
 
Mauritius 2015/2016 Budget brief
Mauritius 2015/2016 Budget briefMauritius 2015/2016 Budget brief
Mauritius 2015/2016 Budget briefAdaLabs
 
Post processing for quantum key distribution
Post processing for quantum key distributionPost processing for quantum key distribution
Post processing for quantum key distributionwtyru1989
 
5 Cryptography Part2
5 Cryptography Part25 Cryptography Part2
5 Cryptography Part2Alfred Ouyang
 
Salsa Music Presentation
Salsa Music PresentationSalsa Music Presentation
Salsa Music PresentationKMartinez1117
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to CryptographyMd. Afif Al Mamun
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptographySukhdeep Kaur
 
The Fast Fourier Transform (FFT)
The Fast Fourier Transform (FFT)The Fast Fourier Transform (FFT)
The Fast Fourier Transform (FFT)Oka Danil
 
Introduction to MatLab programming
Introduction to MatLab programmingIntroduction to MatLab programming
Introduction to MatLab programmingDamian T. Gordon
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture shortAvirot Mitamura
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3koolkampus
 

Viewers also liked (20)

AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
AdaEurope 2013 - Berlin - Industrial Experience - Feedback on improving perfo...
 
AdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on RailsAdaLabs FOSDEM 2012 Ada on Rails
AdaLabs FOSDEM 2012 Ada on Rails
 
Salsa20
Salsa20Salsa20
Salsa20
 
Mauritius 2015/2016 Budget brief
Mauritius 2015/2016 Budget briefMauritius 2015/2016 Budget brief
Mauritius 2015/2016 Budget brief
 
Toeplitz (2)
Toeplitz (2)Toeplitz (2)
Toeplitz (2)
 
Post processing for quantum key distribution
Post processing for quantum key distributionPost processing for quantum key distribution
Post processing for quantum key distribution
 
Ch 30
Ch 30Ch 30
Ch 30
 
5 Cryptography Part2
5 Cryptography Part25 Cryptography Part2
5 Cryptography Part2
 
Salsa Music Presentation
Salsa Music PresentationSalsa Music Presentation
Salsa Music Presentation
 
Aes
AesAes
Aes
 
Dif fft
Dif fftDif fft
Dif fft
 
Introduction to Cryptography
Introduction to CryptographyIntroduction to Cryptography
Introduction to Cryptography
 
Quantum cryptography
Quantum cryptographyQuantum cryptography
Quantum cryptography
 
The Fast Fourier Transform (FFT)
The Fast Fourier Transform (FFT)The Fast Fourier Transform (FFT)
The Fast Fourier Transform (FFT)
 
Introduction to MatLab programming
Introduction to MatLab programmingIntroduction to MatLab programming
Introduction to MatLab programming
 
Cryptography
CryptographyCryptography
Cryptography
 
SSL & TLS Architecture short
SSL & TLS Architecture shortSSL & TLS Architecture short
SSL & TLS Architecture short
 
Cryptography
CryptographyCryptography
Cryptography
 
Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3Cryptography and Message Authentication NS3
Cryptography and Message Authentication NS3
 
A little ssl
A little sslA little ssl
A little ssl
 

Similar to ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers

Information and network security 20 data encryption standard des
Information and network security 20 data encryption standard desInformation and network security 20 data encryption standard des
Information and network security 20 data encryption standard desVaibhav Khanna
 
numbering system binary and decimal hex octal
numbering system binary and decimal hex octalnumbering system binary and decimal hex octal
numbering system binary and decimal hex octalnoor300491
 
Data Encryption Standards (1).pptx
Data Encryption Standards (1).pptxData Encryption Standards (1).pptx
Data Encryption Standards (1).pptxSanthosh Prabhu
 
Lecture 11 (dac and comparator) rv01
Lecture 11 (dac and comparator) rv01Lecture 11 (dac and comparator) rv01
Lecture 11 (dac and comparator) rv01cairo university
 
Bitwise Operations(1).pdf
Bitwise Operations(1).pdfBitwise Operations(1).pdf
Bitwise Operations(1).pdfDalvinCalvin
 
data representation
data representation data representation
data representationHaroon_007
 
Microprocessor lab
Microprocessor labMicroprocessor lab
Microprocessor labKD030303
 
Eshcol tech solutions pvt ltd
Eshcol tech solutions pvt ltdEshcol tech solutions pvt ltd
Eshcol tech solutions pvt ltdOjas Kumar
 
Microprocessor Part 3
Microprocessor Part 3Microprocessor Part 3
Microprocessor Part 3Sajan Agrawal
 

Similar to ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers (20)

Information and network security 20 data encryption standard des
Information and network security 20 data encryption standard desInformation and network security 20 data encryption standard des
Information and network security 20 data encryption standard des
 
numbering system binary and decimal hex octal
numbering system binary and decimal hex octalnumbering system binary and decimal hex octal
numbering system binary and decimal hex octal
 
Number Systems - AK.pptx
Number Systems - AK.pptxNumber Systems - AK.pptx
Number Systems - AK.pptx
 
Data Encryption Standards (1).pptx
Data Encryption Standards (1).pptxData Encryption Standards (1).pptx
Data Encryption Standards (1).pptx
 
12117188.ppt
12117188.ppt12117188.ppt
12117188.ppt
 
12117188.ppt
12117188.ppt12117188.ppt
12117188.ppt
 
Lecture 11 (dac and comparator) rv01
Lecture 11 (dac and comparator) rv01Lecture 11 (dac and comparator) rv01
Lecture 11 (dac and comparator) rv01
 
chap3.pdf
chap3.pdfchap3.pdf
chap3.pdf
 
Bitwise Operations(1).pdf
Bitwise Operations(1).pdfBitwise Operations(1).pdf
Bitwise Operations(1).pdf
 
data representation
data representation data representation
data representation
 
Microprocessor lab
Microprocessor labMicroprocessor lab
Microprocessor lab
 
3-Block Ciphers and DES.pdf
3-Block Ciphers and DES.pdf3-Block Ciphers and DES.pdf
3-Block Ciphers and DES.pdf
 
Fast and Easy Subnetting
Fast and Easy SubnettingFast and Easy Subnetting
Fast and Easy Subnetting
 
Aes algorithm notes
Aes algorithm notesAes algorithm notes
Aes algorithm notes
 
IDEA.ppt
IDEA.pptIDEA.ppt
IDEA.ppt
 
Eshcol tech solutions pvt ltd
Eshcol tech solutions pvt ltdEshcol tech solutions pvt ltd
Eshcol tech solutions pvt ltd
 
Olumide pidan b
Olumide pidan bOlumide pidan b
Olumide pidan b
 
Number System
Number SystemNumber System
Number System
 
cache memory
cache memorycache memory
cache memory
 
Microprocessor Part 3
Microprocessor Part 3Microprocessor Part 3
Microprocessor Part 3
 

Recently uploaded

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 

Recently uploaded (20)

AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 

ChaCha20-Poly1305 Cipher Summary - AdaLabs SPARKAda OpenSSH Ciphers

  • 1. ChaCha 20 – Poly 1305 Introduction • ChaCha20-Poly1305 is an Authenticated Encryption mechanism which combines two primitives: ‣ ChaCha20 for Encryption ‣ Poly1305 for Authentication • ChaCha20-Poly1305 uses a 64 byte symmetric key • An input packet consists of a 4 byte Header encoding the length of the packet, as well as a variable length payload (and a 16 byte MAC if decrypting) ‣ Packet Length = Length of Header + Length of Payload + Length of Message Authentication Code (MAC) Operation • A first instance of ChaCha20 is used to encrypt the Header using the first 32 bytes of the key and an Initialization Vector as follows : ‣ Block Counter (BC) = 0s ‣ Nonce = Packet Sequence Number (PSN) • A second instance is used to generate a key for Poly1305 by using the last 32 bytes of the key, 0s as input and keeping the first 32 bytes of output • This second instance is then used with BC = 1 in Little Endian (LE) and Nonce = PSN to encrypt the n-byte payload • ChaCha20 will increment the BC internally but the ChaCha20- Poly1305 implementation should manage the Nonce (i.e Increment the PSN for every packet) • Finally Poly1305 is used on the encrypted header and payload and a MAC is calculated and appended to the output packet • For decryption, decrypt the header to get the length then verify the MAC and decrypt the rest of the packet (using the same procedure as encryption) only if the MAC is valid
  • 2. ChaCha 20 Introduction • ChaCha 20 is a stream cipher developed by Daniel Bernstein. • It is a refinement of the Salsa 20 cipher. • ChaCha 20 works on 4 byte words, takes 16 words of plaintext and outputs 16 words of ciphertext. • Operations detailed below are repeated for every 16 words (64 bytes) of a packet Operation • A 16 word Input Matrix is formed as follows : ‣ 4 words of constant value ‣ 8 words of key ‣ 2 words of block counter (which is incremented by ChaCha 20 after each 20 rounds) ‣ 2 words of nonce (which should be managed outside of ChaCha 20) • For every new 16 words of plaintext, 20 rounds are performed on the original Input Matrix by alternating Column and Diagonal rounds. • Each round performs 4 quarter rounds on 4 words as follows: ‣ a += b; d ^= a; d <<<= 16; ‣ c += d; b ^= c; b <<<= 12; ‣ a += b; d ^= a; d <<<= 8; ‣ c += d; b ^= c; b <<<= 7; • The output of the 20 rounds is summed to the original input matrix • This is written out in little endian form and XORed to the 16 words of plaintext to produce 16 words of ciphertext. • Decryption uses the same procedure as encryption
  • 3. Poly 1305 Introduction • Poly1305 is a Wegman-Carter, one-time authenticator designed by D. J. Bernstein • It is used to calculate a Message Authentication Code (MAC) for a message • Poly 1305 uses a 32 Byte key and operates on an N byte message Operation • The first 16 bytes of the one-time key are interpreted as a number _r_ with the following modifications: ‣ The top 4 bits of bytes 3, 7, 11, 15 are set to 0 ‣ The bottom 2 bits of bytes 4, 8, 12 are set to 0 ‣ The 16 bytes are interpreted as a little endian value • The accumulator (Acc in the diagram) is set to 0 • For every n bytes read from the N byte message, if n = 16 then just add a 17th byte having a value of 1 and the 17 bytes are treated as a little endian number • If n < 16 then pad with 0s until there are 16 bytes and add the 17th byte as in the case when n = 16 • The number is then added to the accumulator which is multiplied by _r_ and the result is saved back to the accumulator • Note : These operations are all mod 2^130 – 5 • Finally, the last 16 bytes of the key are interpreted as a little endian number and this number is added to the accumulator mod 2^128 • The result is then written out as a little endian number and this is taken as the 16 byte tag
  • 4. Further Reading • Blog of ChaCha20-Poly1305 Implementer (Damien Miller) http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in- openssh.html • ChaCha20-Poly1305 Draft at IETF https://tools.ietf.org/html/draft-agl-tls-chacha20poly1305-01 • ChaCha20-Poly1305 at OpenBSD http://www.openbsd.org/cgi- bin/cvsweb/src/usr.bin/ssh/PROTOCOL.chacha20poly1305? rev=HEAD;content-type=text/plain • Salsa 20 Wikepidia Article http://en.wikipedia.org/wiki/Salsa20 • ChaCha 20 Reference http://cr.yp.to/chacha/chacha-20080128.pdf