Score:0

Can the security of Salsa20/Chacha20 be expanded to 448-bits if I fill the nonce and the Nothing-up-my-sleeve numbers with key material?

pf flag

As I studied, Salsa20/Chacha20 is basically a hash function that accepts a 64-byte input and returns a output of the same size of input.

128-bits of the input are filled with four "Nothing-up-my-sleeve numbers", 64-bits with the nonce and the other 64-bits field with counter. The rest, 256-bits, are filled with the key.

My question is:

Being Salsa20/Chacha20 basically a hash function, can its security be expanded to 448-bits if I fill the "Nothing-up-my-sleeve numbers" and nonce fields with key material?

Would this impact the security of the cipher?

phantomcraft avatar
pf flag
@kelalaka I told you, I have secrets I want to keep secret forever. I don't trust only 256-bit. Also, I wanna write a disk encryption program accepting keys up to 32768-bits, that's why I'm seeking for a encipherment scheme that allows this key sizes. I'm thinking on creating a modified Chacha20 with larger state sizes for that.
kelalaka avatar
in flag
Why do you need the 448-bit key? 256-bit enough for all. There is [XChaCha20](https://datatracker.ietf.org/doc/html/draft-arciszewski-xchacha) that has 192-bit nonces. You may look that
SAI Peregrinus avatar
si flag
"I don't trust only 256-bit." Why not? Why isn't several billion years enough?
Paul Uszak avatar
cn flag
Because you can't mathematically prove it's a billion years can you? Not through civilian mathematics. We don't attack ciphers via brute force. We go around them and through the middle. That's why we use one time pads.
Score:2
si flag

No, it cannot. A nonce is necessary to have any security at all if a key is ever reused. The "nothing up my sleeve" number is necessary to keep the input from all being attacker controlled, it prevents the all-zero block, and its asymmetry improves the confusion and diffusion of the function.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.