Can the security of Salsa20/Chacha20 be expanded to 448-bits if I fill the nonce and the Nothing-up-my-sleeve numbers with key material?

phantomcraft

4/30/23, 6:41 PM

As I studied, Salsa20/Chacha20 is basically a hash function that accepts a 64-byte input and returns a output of the same size of input.

128-bits of the input are filled with four "Nothing-up-my-sleeve numbers", 64-bits with the nonce and the other 64-bits field with counter. The rest, 256-bits, are filled with the key.

My question is:

Being Salsa20/Chacha20 basically a hash function, can its security be expanded to 448-bits if I fill the "Nothing-up-my-sleeve numbers" and nonce fields with key material?

Would this impact the security of the cipher?

0 + 0

hash

keys

key-size

salsa20

chacha

phantomcraft

4/30/23, 1:00 AM

@kelalaka I told you, I have secrets I want to keep secret forever. I don't trust only 256-bit. Also, I wanna write a disk encryption program accepting keys up to 32768-bits, that's why I'm seeking for a encipherment scheme that allows this key sizes. I'm thinking on creating a modified Chacha20 with larger state sizes for that.

kelalaka

4/30/23, 7:20 PM

Why do you need the 448-bit key? 256-bit enough for all. There is [XChaCha20](https://datatracker.ietf.org/doc/html/draft-arciszewski-xchacha) that has 192-bit nonces. You may look that

SAI Peregrinus

5/1/23, 2:04 PM

"I don't trust only 256-bit." Why not? Why isn't several billion years enough?

Paul Uszak

5/1/23, 5:45 PM

Because you can't mathematically prove it's a billion years can you? Not through civilian mathematics. We don't attack ciphers via brute force. We go around them and through the middle. That's why we use one time pads.

Score:2

Crypto

SAI Peregrinus

5/1/23, 2:05 PM

No, it cannot. A nonce is necessary to have any security at all if a key is ever reused. The "nothing up my sleeve" number is necessary to keep the input from all being attacker controlled, it prevents the all-zero block, and its asymmetry improves the confusion and diffusion of the function.

0 + 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can the security of Salsa20/Chacha20 be expanded to 448-bits if I fill the nonce and the Nothing-up-my-sleeve numbers with key material?

TH: ความปลอดภัยของ Salsa20/Chacha20 สามารถขยายเป็น 448 บิตได้หรือไม่หากฉันกรอกตัวเลข nonce และ Nothing-up-my-sleeve ด้วยเนื้อหาหลัก

RO: Securitatea Salsa20/Chacha20 poate fi extinsă la 448 de biți dacă completez numerele nonce și Nothing-up-my-sleeve cu material cheie?

RU: Можно ли расширить безопасность Salsa20/Chacha20 до 448 бит, если я заполню одноразовый номер и числа «Ничего в рукаве» ключевым материалом?

VI: Tính bảo mật của Salsa20/Chacha20 có thể được mở rộng thành 448 bit không nếu tôi điền vào số nonce và số Nothing-up-my-sleeve bằng tài liệu chính?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.