While I was contemplating how to make my ChaCha20 implementation faster, I recalled your question in the previous Squid section asking why I couldn't simply replace the cryptographic counter ChaCha20 uses instead of re-initialising the entire cipher. After much thought, the answer is that it is impossible to replace only the 32-bit counter.

The reason is that the keystream and the matrices (lookup tables) have already been permuted, and the original key material (keymat) is no longer present in either the keystream or the matrices once a ChaCha20 cryptographic function has finished. Naively replacing the 32-bit counter would therefore produce a very different next 64 bytes of keystream and matrices. An example from the RFC document illustrates this.

Now that the original ChaCha20 key, nonce, constants and counter are all mixed up beyond recognition, substituting only the 32-bit counter for the next 64-byte message and re-using the matrix state would be a very bad idea. Simply re-using all the matrices and changing only the 32-bit counter gives the wrong result. The correct way is to re-populate the matrices again from the original key, nonce, constants and counter, increment the counter, and re-mix the matrices; that gives you the next 64 bytes worth of state.

The nice thing is that the ChaCha20 quarter rounds are ARX-based and fast, as long as you don't do the 32-bit to 8-bit translation that I did to adapt them to smart card CPUs. The troublesome, and probably time- and resource-consuming, part is that every time 64 bytes of keystream are used up you have to re-populate the entire matrices and set up the next keystream by mixing the newly populated matrices again.
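As an added example (not the author's smart-card code), here is a compact ChaCha20 block function in Python following RFC 8439, fed with the RFC's section 2.3.2 test vector (key 00..1f, nonce 00:00:00:09:00:00:00:4a:00:00:00:00, counter 1), beside the "keep the mixed state and overwrite only the counter word" shortcut the post warns against; the names `naive_next_block` and `chacha20_xor` are mine.

```python
import struct

MASK = 0xffffffff
CONSTANTS = (0x61707865, 0x3320646e, 0x79622d32, 0x6b206574)  # "expand 32-byte k"

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def _quarter_round(s, a, b, c, d):
    # ARX quarter round on four 32-bit words of the state, in place.
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & MASK; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & MASK; s[b] = _rotl(s[b] ^ s[c], 7)

def initial_state(key, counter, nonce):
    # Re-populate the 16-word state: constants, 8 key words, counter, 3 nonce words.
    return list(CONSTANTS) + list(struct.unpack('<8L', key)) \
        + [counter & MASK] + list(struct.unpack('<3L', nonce))

def mix(state):
    # 20 rounds (10 column + diagonal double rounds) on a copy, then add the input state.
    s = list(state)
    for _ in range(10):
        for a, b, c, d in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                           (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter_round(s, a, b, c, d)
    return [(x + y) & MASK for x, y in zip(s, state)]

def chacha20_block(key, counter, nonce):
    # The correct way: a fresh state from key/nonce/counter for every 64-byte block.
    return struct.pack('<16L', *mix(initial_state(key, counter, nonce)))

def naive_next_block(mixed_state, counter):
    # The shortcut the post warns against: keep the already-mixed words and
    # overwrite only word 12 (the counter) before mixing again. Wrong output.
    s = list(mixed_state)
    s[12] = counter & MASK
    return struct.pack('<16L', *mix(s))

def chacha20_xor(key, nonce, data, counter=1):
    # Stream cipher: one freshly populated block per 64 bytes of data.
    out = bytearray()
    for i in range(0, len(data), 64):
        ks = chacha20_block(key, counter + i // 64, nonce)
        out += bytes(x ^ y for x, y in zip(data[i:i + 64], ks))
    return bytes(out)

# RFC 8439 section 2.3.2 inputs (constructed here from the RFC's listing).
RFC_KEY = bytes(range(32))
RFC_NONCE = bytes.fromhex('000000090000004a00000000')
```

Running `mix(initial_state(RFC_KEY, 1, RFC_NONCE))` reproduces the RFC's "state at the end of the ChaCha20 operation" (first word e4e7f110), while `naive_next_block` on that state with counter 2 does not match `chacha20_block(RFC_KEY, 2, RFC_NONCE)`.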