Crate chacha

source ·
Expand description

ChaCha is a family of 256-bit stream ciphers. This crate includes five members of the family:

nonce lengthstream lengthkey lengthrounds
ChaCha2082703220
IETF162383220
XChaCha20242703220
ChaCha1282703212
ChaCha88270328
(Lengths are given in bytes.)

ChaCha12 and ChaCha8 trade off the security margin in favor of performance. The IETF implementation increases the nonce length, making randomly generating the same nonce twice less likely, at the cost of making the stream shorter. XChaCha20 increases the nonce length even further while maintaining the stream length at the cost of a slightly more expensive initialization step.

ChaCha benefits greatly from SIMD instructions, which currently requires Rust’s nightly build. Compile with the feature nightly enabled for maximum performance.

ChaCha was designed by Daniel J. Bernstein in 2008 as a slightly modified version of his Salsa family of ciphers. Salsa20 has been analyzed as part of the eSTREAM project and has not had any practical attack found. That cryptanalysis would generally apply to ChaCha20 as well. The ChaCha round function is used in the BLAKE hash function, which was analyzed as part of the SHA-3 competition, again without finding a practical attack. The IETF’s RFC 7539 standardizes a member of the ChaCha family.

Structs§

Enums§

  • An error when generating a keystream

Traits§

  • Types that encapsulate a stream of bytes that to be combined with a cryptographic plaintext or ciphertext
  • KeyStreams that allow efficiently moving to positions in the stream

Functions§

  • Apply the ChaCha core function. Note that this is reversible.
  • Apply the ChaCha core function and add the result to the input. This is what maps ChaCha streams’ input blocks to output blocks.
  • Runs the self-test for the chacha20 block function.