ChaCha20-Poly1305
What is ChaCha20-Poly1305?
ChaCha20-Poly1305: An AEAD construction pairing the ChaCha20 stream cipher with the Poly1305 one-time authenticator, standardised in RFC 8439 for TLS 1.3 and WireGuard.
ChaCha20-Poly1305 is the AEAD cipher specified in RFC 8439 (formerly RFC 7539). ChaCha20 is a 256-bit-key ARX stream cipher designed by Daniel J. Bernstein; it takes a 96-bit nonce and a 32-bit counter and produces a 512-bit keystream block per invocation. Poly1305 is a 128-bit one-time MAC over the ciphertext and associated data, keyed by the first block of the ChaCha20 keystream. The pair is constant-time and fast in software without AES-NI, which is why it is the default fallback in TLS 1.3, QUIC, SSH, OpenVPN, and WireGuard. Like AES-GCM, it fails catastrophically on nonce reuse, so every message encrypted under a given key requires a unique nonce.
● Examples
- 01: TLS 1.3 cipher suite TLS_CHACHA20_POLY1305_SHA256.
- 02: WireGuard tunnel data frames are encrypted with ChaCha20-Poly1305.
● Frequently asked questions
What is ChaCha20-Poly1305?
An AEAD construction pairing the ChaCha20 stream cipher with the Poly1305 one-time authenticator, standardised in RFC 8439 for TLS 1.3 and WireGuard. It belongs to the Cryptography category of cybersecurity.
How do you defend against ChaCha20-Poly1305?
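ChaCha20-Poly1305 is a protective primitive rather than an attack. Using it safely combines technical controls and operational practices, in particular a unique nonce for every message under a given key, as detailed in the full definition above.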
What are other names for ChaCha20-Poly1305?
Common alternative names include: ChaCha20/Poly1305, RFC 8439, ChaPoly.