ChaCha20
What is ChaCha20?
ChaCha20A modern stream cipher designed by Daniel J. Bernstein, using a 256-bit key and 96-bit nonce, widely deployed alongside Poly1305 as the AEAD ChaCha20-Poly1305.
ChaCha20 is a 20-round stream cipher designed by Daniel J. Bernstein in 2008 as a refinement of his Salsa20 design. It produces a keystream from a 256-bit key, a 96-bit nonce, and a 32-bit block counter using simple add-rotate-xor operations on 32-bit words, which makes it fast and constant-time on CPUs without AES hardware (mobile, embedded). Combined with the Poly1305 MAC, the resulting AEAD scheme ChaCha20-Poly1305 is standardized in RFC 8439 and is one of the two mandatory cipher suites in TLS 1.3 (alongside AES-GCM). ChaCha20 is widely used in TLS, QUIC, WireGuard, OpenSSH, the Signal Protocol, and Linux kernel cryptography. After more than a decade of cryptanalysis no attack against the full 20-round version is known.
● Examples
- 01
TLS 1.3 and QUIC use TLS_CHACHA20_POLY1305_SHA256 on mobile devices.
- 02
WireGuard encrypts all data packets with ChaCha20-Poly1305.
● Frequently asked questions
What is ChaCha20?
A modern stream cipher designed by Daniel J. Bernstein, using a 256-bit key and 96-bit nonce, widely deployed alongside Poly1305 as the AEAD ChaCha20-Poly1305. It belongs to the Cryptography category of cybersecurity.
What does ChaCha20 mean?
A modern stream cipher designed by Daniel J. Bernstein, using a 256-bit key and 96-bit nonce, widely deployed alongside Poly1305 as the AEAD ChaCha20-Poly1305.
How do you defend against ChaCha20?
Defences for ChaCha20 typically combine technical controls and operational practices, as detailed in the full definition above.