IETF-Draft for ChaCha-Poly

--- robots: noindex, nofollow --- # IETF-Draft for ChaCha-Poly ###### tags: `draft / in process` ## Sources https://github.com/BlockchainCommons/Research/blob/master/papers/bcr-2022-001-secure-message.md https://hackmd.io/7vJoekiPTTuw9KAT-dpaPw Example: https://www.ietf.org/archive/id/draft-clarke-cbor-crs-02.txt ## Notes on Formatting/Submission This claims to be requierd format for drafts: https://xml2rfc.tools.ietf.org/rfc7749.html With Tools Here: https://www.strayalpha.com/tools/ (notably including a Word .dot and an xml2rpc program) But maybe can submit text here: https://datatracker.ietf.org/submit/tool-instructions/ https://www6.ietf.org/tools/idnits Per: https://www.ietf.org/ietf-ftp/ietf/1id-guidelines.html ## Content SECURITY This specification does not introduce any additional security considerations other than those that follow from the use of the AEAD ChaCha20-Poly1305 algorithm in IETF standards, thus the implementor is directed to the Security Considerations sections of [RFC7539], [RFC7634], [RFC8103]. In summary, the ChaCha20 cipher is designed to provide 256-bit security. Poly1305 is considered to have SUF-CMA (strong unforgeability against chosen-message attacks). The most important security consideration in implementing this specification is the uniqueness of the nonce used in ChaCha20. The reuse of an nonce value with the same symmetric key secret destroys the security guarantees of this algorithm. The nonce should be selected uniquely for a particular key, but unpredictability of the nonce is not required. Counters and LFSRs (linear-feedback shift registers) are both acceptable ways of generating unique nonces. Consequences of repeating a nonce with the same symmetric key secret: If a nonce is repeated, then both the one-time Poly1305 key and the keystream are identical between the messages. This reveals the XOR of the plaintexts, because the XOR of the plaintexts is equal to the XOR of the ciphertexts. https://datatracker.ietf.org/doc/html/rfc7539 https://datatracker.ietf.org/doc/html/rfc7634 https://datatracker.ietf.org/doc/html/rfc8103 EXAMPLE [include example from BRC, but not necessarily link?] ALTERNATIVE CYPHER Maybe describe a different foundational crypto? https://datatracker.ietf.org/doc/html/rfc5116#section-5.1 AES-256-GCM as lowest common denominator for hardware Most implemented [chacha20 a little less implemented on hardware devices] [Proxy will give some additional feedback]