[Cfrg] I-D Action: draft-irtf-cfrg-xchacha-01.txt

internet-drafts@ietf.org Tue, 23 July 2019 00:15 UTC

Return-Path: <internet-drafts@ietf.org>
X-Original-To: cfrg@ietf.org
Delivered-To: cfrg@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 18617120045; Mon, 22 Jul 2019 17:15:05 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: cfrg@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.99.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: cfrg@ietf.org
Message-ID: <156384090502.22651.5859555115443460068@ietfa.amsl.com>
Date: Mon, 22 Jul 2019 17:15:05 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/coutz4vRfQdNmXf4RB4pcUOyIM8>
Subject: [Cfrg] I-D Action: draft-irtf-cfrg-xchacha-01.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jul 2019 00:15:05 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Crypto Forum RG of the IRTF.

        Title           : XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305
        Author          : Scott Arciszewski
	Filename        : draft-irtf-cfrg-xchacha-01.txt
	Pages           : 18
	Date            : 2019-07-22

   The eXtended-nonce ChaCha cipher construction (XChaCha) allows for
   ChaCha-based ciphersuites to accept a 192-bit nonce with similar
   guarantees to the original construction, except with a much lower
   probability of nonce misuse occurring.  This helps for long running
   TLS connections.  This also enables XChaCha constructions to be
   stateless, while retaining the same security assumptions as ChaCha.

   This document defines XChaCha20, which uses HChaCha20 to convert the
   key and part of the nonce into a subkey, which is in turn used with
   the remainder of the nonce with ChaCha20 to generate a pseudorandom
   keystream (e.g. for message encryption).

   This document also defines AEAD_XChaCha20_Poly1305, a variant of
   [RFC7539] that utilizes the XChaCha20 construction in place of

The IETF datatracker status page for this draft is:

There are also htmlized versions available at:

A diff from the previous version is available at:

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at: