paint-brush
Understanding Cipher Suites & AEAD — ChaCha20-Poly1305 Exampleby@jaypmedia
2,047 reads
2,047 reads

Understanding Cipher Suites & AEAD — ChaCha20-Poly1305 Example

by Jean-Paul RustomSeptember 8th, 2023
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

Cipher suites in TLS 1.3 are a combination of algorithms used for encryption and integrity.
featured image - Understanding Cipher Suites & AEAD — ChaCha20-Poly1305 Example
Jean-Paul Rustom HackerNoon profile picture

Cipher suites in TLS 1.3 are a combination of algorithms used for encryption and integrity.


TLS 1.3 has only five possible cipher suites, because it removed all unsecure cipher suites from TLS 1.2.


  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_AES_128_CCM_8_SHA256
  • TLS_CHACHA20_POLY1305_SHA256


In TLS 1.2, separate algorithms were used for encryption and integrity of the messages. However, in TLS 1.3, all cipher suites use AEAD algorithms.


AEAD stands for Authenticated Encryption with Associated Data.


AEAD algorithms provide both encryption and authentication in a single step, making the process a lot simpler.


TLS 1.2 & TLS 1.3



For example, the cipher suite TLS_CHACHA20_POLY1305_SHA256 uses ChaCha20-Poly1305, as an AEAD cipher, and SHA-256 as a hash function for the Key Derivation Function. (Reminder: Key Derivation Function is used in TLS handshake to derive many keys)

Key Features About CHACHA20

  • It’s a symmetric key encryption algorithm
  • Developed by Google
  • Simple design and implementation, making it faster than AES
  • Known for its security and high speed.
  • Generates a stream of pseudo-random bits called the key-stream. This key-stream is then XORed with the plaintext to produce the cipher-text.
  • Widely Supported


Key features about ChaCha20


Encryption & Integrity with ChaCha20

Okay, now the fun part.


Let’s visualize how the elegant design of ChaCha20 integrates with Poly1305.


First step is encrypt with CHACHA20.


At a high level, ChaCha20 will take as inputs a shared secret key, a nonce, and a counter.


Think of the nonce and counter as params used to increase the unpredictability and randomness of the cipher text.

AEAD with ChaCha20-Poly1305


The "20" in "ChaCha20" refers to the number of rounds the algorithm goes through to process the data. These rounds involve various operations such as bit manipulations, addition, rotation, and XOR operations.


There exists reduced round versions of ChaCha20 called ChaCha12 and ChaCha8.


ChaCha12 and ChaCha8


Based on these inputs, the ChaCha20 algorithm generates a pseudorandom stream of bits called the key-stream.


Then, this key-stream is XORed with JayP’s plaintext message to produce the cipher text, in other words, the encrypted message.


AEAD with ChaCha20-Poly1305


After that, the encrypted message, and unencrypted associated data such as addresses, ports, timestamps, together with the nonce and the secret key are inputs of POLY1305.


The MAC (Message Authentication Code) algorithm POLY1305 will output a MAC.


The MAC, also referred to as the authentication tag, will be sent along with the encrypted message.


AEAD with ChaCha20-Poly1305


Verification with ChaCha20


Youtube, to decrypt and verify the message, would perform the reverse of the steps explained earlier.


1. Verification:

- Youtube calculates the authentication tag from the received cipher text, the shared secret key, the associated data, and the nonce.

- The calculated authentication tag is compared to the received authentication tag.

- If they match, Youtube knows that the received message has not been altered.


Verification in AEAD with ChaCha20-Poly1305


2. Decryption:

- The ChaCha20 stream cipher is used with all necessary params to generate the same pseudo random stream, which is XORed with the received cipher text to produce the plaintext.    


Decryption in AEAD with ChaCha20-Poly1305



Also Published here.


For the Animated Interactive Version: