CHACHA20-POLY1305 ENCRYPTION TOOL
Other Crypto Algorithms
AES-128-CBC AES-128-CBC-CTS AES-128-CBC-HMAC-SHA1 AES-128-CBC-HMAC-SHA256 AES-128-CCM AES-128-CFB AES-128-CFB1 AES-128-CFB8 AES-128-CTR AES-128-ECB AES-128-GCM AES-128-GCM-SIV AES-128-OCB AES-128-OFB AES-128-SIV AES-128-WRAP AES-128-WRAP-INV AES-128-WRAP-PAD AES-128-WRAP-PAD-INV AES-128-XTS AES-192-CBC AES-192-CBC-CTS AES-192-CCM AES-192-CFB AES-192-CFB1 AES-192-CFB8 AES-192-CTR AES-192-ECB AES-192-GCM AES-192-GCM-SIV AES-192-OCB AES-192-OFB AES-192-SIV AES-192-WRAP AES-192-WRAP-INV AES-192-WRAP-PAD AES-192-WRAP-PAD-INV AES-256-CBC AES-256-CBC-CTS AES-256-CBC-HMAC-SHA1 AES-256-CBC-HMAC-SHA256 AES-256-CCM AES-256-CFB AES-256-CFB1 AES-256-CFB8 AES-256-CTR AES-256-ECB AES-256-GCM AES-256-GCM-SIV AES-256-OCB AES-256-OFB AES-256-SIV AES-256-WRAP AES-256-WRAP-INV AES-256-WRAP-PAD AES-256-WRAP-PAD-INV AES-256-XTS ARIA-128-CBC ARIA-128-CCM ARIA-128-CFB ARIA-128-CFB1 ARIA-128-CFB8 ARIA-128-CTR ARIA-128-ECB ARIA-128-GCM ARIA-128-OFB ARIA-192-CBC ARIA-192-CCM ARIA-192-CFB ARIA-192-CFB1 ARIA-192-CFB8 ARIA-192-CTR ARIA-192-ECB ARIA-192-GCM ARIA-192-OFB ARIA-256-CBC ARIA-256-CCM ARIA-256-CFB ARIA-256-CFB1 ARIA-256-CFB8 ARIA-256-CTR ARIA-256-ECB ARIA-256-GCM ARIA-256-OFB CAMELLIA-128-CBC CAMELLIA-128-CBC-CTS CAMELLIA-128-CFB CAMELLIA-128-CFB1 CAMELLIA-128-CFB8 CAMELLIA-128-CTR CAMELLIA-128-ECB CAMELLIA-128-OFB CAMELLIA-192-CBC CAMELLIA-192-CBC-CTS CAMELLIA-192-CFB CAMELLIA-192-CFB1 CAMELLIA-192-CFB8 CAMELLIA-192-CTR CAMELLIA-192-ECB CAMELLIA-192-OFB CAMELLIA-256-CBC CAMELLIA-256-CBC-CTS CAMELLIA-256-CFB CAMELLIA-256-CFB1 CAMELLIA-256-CFB8 CAMELLIA-256-CTR CAMELLIA-256-ECB CAMELLIA-256-OFB CHACHA20 CHACHA20-POLY1305 DES-EDE-CBC DES-EDE-CFB DES-EDE-ECB DES-EDE-OFB DES-EDE3-CBC DES-EDE3-CFB DES-EDE3-CFB1 DES-EDE3-CFB8 DES-EDE3-ECB DES-EDE3-OFB DES3-WRAPThe ChaCha20-Poly1305 algorithm is a modern authenticated encryption scheme designed to provide both confidentiality and integrity of data in a single, efficient operation. It combines the ChaCha20 stream cipher for encryption and the Poly1305 message authentication code (MAC) for integrity verification. This combination ensures that encrypted data cannot be modified undetectably and that only intended recipients can decrypt it.
ChaCha20 Stream Cipher
ChaCha20 operates as a stream cipher, generating a pseudorandom keystream that is XORed with plaintext to produce ciphertext. The cipher uses a 256-bit key, a 96-bit nonce, and a 32-bit block counter to produce a sequence of 512-bit blocks. Each block is processed using a series of 20 rounds of quarter-round operations, mixing the input words through addition, XOR, and rotation functions. This structure ensures high diffusion and resistance to cryptanalytic attacks while maintaining high performance on software implementations.
Poly1305 Message Authentication Code
Poly1305 is a one-time authenticator that produces a 128-bit tag for a given message using a 256-bit key. The key is split into a 128-bit one-time key and a 128-bit additional secret. The message is divided into 16-byte blocks, each interpreted as a number in little-endian form and processed with modular arithmetic over a prime number, 2130 − 5. The final result is the tag, which allows the recipient to verify the authenticity and integrity of the message. Poly1305 is resistant to forgery and efficient on modern processors.
Encryption and Authentication Process
To encrypt data, ChaCha20 generates a keystream based on the secret key, nonce, and counter. The plaintext is XORed with this keystream to produce ciphertext. The same keystream is used to derive the Poly1305 key. Poly1305 then computes the authentication tag over the ciphertext and any additional authenticated data (AAD). The resulting ciphertext and tag are transmitted together. Upon receipt, the tag is recomputed using the shared key and compared with the received tag. A mismatch indicates tampering, while a match confirms data integrity and authenticity.
Security Considerations
ChaCha20-Poly1305 is designed to resist known cryptographic attacks, including differential and linear cryptanalysis, nonce reuse attacks, and timing attacks. Its construction allows safe use in network protocols, such as TLS and SSH, providing authenticated encryption with high throughput. Proper implementation requires unique nonces for each message and secure key management practices. The algorithm is standardized by IETF in RFC 8439 and widely supported across cryptographic libraries.