XChaCha20 and Poly1305

Written by Dominik Joe Pantůček on January 3, 2019.

With a symmetric key protecting all Cryptoucan™ secrets, it is necessary to use it properly, both for symmetric encryption of the private data and for ensuring the integrity of whatever is stored on the flash memory. Read on to learn more about our cipher and message authentication code of choice.

Last time we discussed how to use the hash function[1] BLAKE2[2] to create a key-derivation function[3]. Now we are going to look into using the derived key to encrypt some data.

The BLAKE2 hash function has its roots in the ChaCha20[4] symmetric encryption cipher. This is a peer-reviewed symmetric encryption system that is internally implemented as a block cipher and allows for safe usage as a stream cipher. In this mode of operation it can protect the confidentiality of the encrypted data. It does not, however, ensure data integrity.

To ensure data integrity, we need to combine the symmetric cipher with a message authentication code (MAC)[5]. As many cryptologists agree, the Poly1305[6] algorithm is a good choice for a MAC. Technically speaking, this requires us to couple the symmetric cipher with the MAC in an authenticated encryption with associated data (AEAD)[7] mode. The authentication code produced by the Poly1305 algorithm is 128 bits long.

Also, although ChaCha20 is a very strong cipher, its key setup can be improved to increase its overall strength even more. ChaCha20 with improved key setup is called XChaCha20[8] and it uses 256-bit keys for encryption.

But the key alone is not enough to employ a symmetric cipher like this. For each encrypted piece of data you need a dedicated nonce – the initialization vector (IV)[9]. This is another 256 bits of randomly generated data that ensures that no two different chunks of data get encrypted with the same key setup.

With these two algorithms at hand, it is possible to protect the master encryption key using different keys produced by different PINs. It is then also possible to protect all asymmetric keys with this single master encryption key – of course, for each and every one you need to use a different IV. But if you look closely at our cryptographic model[10], this is exactly what we do!

 

Thank you for starting the year 2019 with us and check here next week for more!


References

1. Wikipedia contributors. (2018, November 9). Cryptographic hash function. In Wikipedia, The Free Encyclopedia. Retrieved 19:36, January 2, 2019, from https://en.wikipedia.org/w/index.php?title=Cryptographic_hash_function&oldid=868055371

2. BLAKE2 — fast secure hashing, available online at http://blake2.net/

3. Wikipedia contributors. (2018, September 5). Key derivation function. In Wikipedia, The Free Encyclopedia. Retrieved 19:02, December 26, 2018, from https://en.wikipedia.org/w/index.php?title=Key_derivation_function&oldid=858212346

4. Wikipedia contributors. (2018, November 21). Salsa20. In Wikipedia, The Free Encyclopedia. Retrieved 19:39, January 2, 2019, from https://en.wikipedia.org/w/index.php?title=Salsa20&oldid=869985911#ChaCha_variant

5. Wikipedia contributors. (2018, December 31). Message authentication code. In Wikipedia, The Free Encyclopedia. Retrieved 19:38, January 2, 2019, from https://en.wikipedia.org/w/index.php?title=Message_authentication_code&oldid=876192195

6. Wikipedia contributors. (2018, October 5). Poly1305. In Wikipedia, The Free Encyclopedia. Retrieved 19:39, January 2, 2019, from https://en.wikipedia.org/w/index.php?title=Poly1305&oldid=862673556

7. Wikipedia contributors. (2019, January 2). Authenticated encryption. In Wikipedia, The Free Encyclopedia. Retrieved 19:36, January 2, 2019, from https://en.wikipedia.org/w/index.php?title=Authenticated_encryption&oldid=876503067

8. Wikipedia contributors. (2018, November 21). Salsa20. In Wikipedia, The Free Encyclopedia. Retrieved 19:39, January 2, 2019, from https://en.wikipedia.org/w/index.php?title=Salsa20&oldid=869985911#XChaCha

9. Wikipedia contributors. (2018, November 21). Cryptographic nonce. In Wikipedia, The Free Encyclopedia. Retrieved 19:42, January 2, 2019, from https://en.wikipedia.org/w/index.php?title=Cryptographic_nonce&oldid=870012028

10. https://trustica.cz/en/2018/12/27/blake2-embedded-implementation/