[Cfrg] Comment draft-irtf-cfrg-xchacha-01

Noah Schwarz <noah.anabiik.schwarz@gmail.com> Sat, 14 September 2019 09:39 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/fG8_uymiqBmoEPlfYTlp9gpuN_w>

Dear CFRG,

Section 2.3.1 XChaCha20 Pseudocode is incorrect regarding the block counter.

Currently:

xchacha20_encrypt(key, nonce, plaintext):
    subkey = hchacha20(key, nonce[0:15])
    chacha20_nonce = "\x00\x00\x00\x00" + nonce[16:23]
    blk_ctr = 0
    return chacha20_encrypt(subkey, chacha20_nonce, plaintext, blk_ctr)

Correction:

xchacha20_encrypt(key, nonce, plaintext, blk_ctr):
    subkey = hchacha20(key, nonce[0:15])
    chacha20_nonce = "\x00\x00\x00\x00" + nonce[16:23]
    return chacha20_encrypt(subkey, chacha20_nonce, plaintext, blk_ctr)

Kind regards,

Noah Anabiik Schwarz
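
Added example (not part of the original message and not code from the draft): a pure-Python sketch of the corrected pseudocode, with blk_ctr passed through to ChaCha20 rather than fixed at 0. The draft's inclusive ranges nonce[0:15] and nonce[16:23] become the Python slices nonce[:16] and nonce[16:24]; the key and nonce in the demo are constructed sample values.

```python
import struct

SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # ChaCha constant words

def _rotl(v, n):
    return ((v << n) | (v >> (32 - n))) & 0xFFFFFFFF

def _qr(s, a, b, c, d):
    # ChaCha quarter round on four words of the 16-word state.
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 16)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 12)
    s[a] = (s[a] + s[b]) & 0xFFFFFFFF; s[d] = _rotl(s[d] ^ s[a], 8)
    s[c] = (s[c] + s[d]) & 0xFFFFFFFF; s[b] = _rotl(s[b] ^ s[c], 7)

def _rounds(state):
    s = list(state)
    for _ in range(10):  # 10 double rounds = 20 rounds
        _qr(s, 0, 4, 8, 12); _qr(s, 1, 5, 9, 13); _qr(s, 2, 6, 10, 14); _qr(s, 3, 7, 11, 15)
        _qr(s, 0, 5, 10, 15); _qr(s, 1, 6, 11, 12); _qr(s, 2, 7, 8, 13); _qr(s, 3, 4, 9, 14)
    return s

def hchacha20(key, nonce16):
    # No feed-forward addition: output is state words 0..3 and 12..15.
    s = _rounds(SIGMA + struct.unpack("<8I", key) + struct.unpack("<4I", nonce16))
    return struct.pack("<8I", *(s[0:4] + s[12:16]))

def chacha20_encrypt(key, nonce12, data, blk_ctr):
    out = bytearray()
    for i in range(0, len(data), 64):
        ctr = (blk_ctr + i // 64) & 0xFFFFFFFF  # 32-bit block counter
        init = SIGMA + struct.unpack("<8I", key) + (ctr,) + struct.unpack("<3I", nonce12)
        ks = struct.pack("<16I", *((a + b) & 0xFFFFFFFF for a, b in zip(_rounds(init), init)))
        out += bytes(x ^ y for x, y in zip(data[i:i + 64], ks))
    return bytes(out)

def xchacha20_encrypt(key, nonce, plaintext, blk_ctr):
    if len(key) != 32 or len(nonce) != 24:
        raise ValueError("XChaCha20 needs a 32-byte key and a 24-byte nonce")
    subkey = hchacha20(key, nonce[:16])           # draft: nonce[0:15], inclusive
    chacha20_nonce = b"\x00" * 4 + nonce[16:24]   # draft: nonce[16:23], inclusive
    return chacha20_encrypt(subkey, chacha20_nonce, plaintext, blk_ctr)

if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(range(24))  # constructed sample values
    ks0 = xchacha20_encrypt(key, nonce, bytes(128), 0)  # keystream blocks 0 and 1
    ks1 = xchacha20_encrypt(key, nonce, bytes(64), 1)   # keystream block 1 only
    print("block 1 reachable via blk_ctr=1:", ks0[64:] == ks1)
    print("differs from blk_ctr=0 output:", ks0[:64] != ks1)
```

With blk_ctr fixed at 0 inside the function, a caller could not start the keystream at any other block; the parameterised form lets the caller choose the starting counter.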