[Cfrg] I-D Action: draft-arciszewski-xchacha-03.txt

internet-drafts@ietf.org Tue, 18 December 2018 18:26 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: cfrg@ietf.org
Delivered-To: cfrg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B9B11311A6; Tue, 18 Dec 2018 10:26:14 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: cfrg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.89.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: cfrg@ietf.org
Message-ID: <154515757401.5284.6920092969404940819@ietfa.amsl.com>
Date: Tue, 18 Dec 2018 10:26:14 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/azCmRszkL0zdDEMlRwNjkBEW1uo>
Subject: [Cfrg] I-D Action: draft-arciszewski-xchacha-03.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Dec 2018 18:26:14 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Crypto Forum RG of the IRTF.

        Title           : XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
        Author          : Scott Arciszewski
	Filename        : draft-arciszewski-xchacha-03.txt
	Pages           : 15
	Date            : 2018-12-18

   The eXtended-nonce ChaCha cipher construction (XChaCha) allows for
   ChaCha-based ciphersuites to accept a 192-bit nonce with similar
   guarantees to the original construction, except with a much lower
   probability of nonce misuse occurring.  This enables XChaCha
   constructions to be stateless, while retaining the same security
   assumptions as ChaCha.

   This document defines XChaCha20, which uses HChaCha20 to convert the
   key and part of the nonce into a subkey, which is in turn used with
   the remainder of the nonce with ChaCha20 to generate a pseudorandom
   keystream (e.g. for message encryption).

   This document also defines AEAD_XChaCha20_Poly1305, a variant of
   [RFC7539] that utilizes the XChaCha20 construction in place of

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at: