Cipher suites in TLS 1.3 are a combination of algorithms used for encryption and integrity.
TLS 1.3 has only five possible cipher suites, because it removed all unsecure cipher suites from TLS 1.2.
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_CCM_8_SHA256
- TLS_CHACHA20_POLY1305_SHA256
In TLS 1.2, separate algorithms were used for encryption and integrity of the messages. However, in TLS 1.3, all cipher suites use AEAD algorithms.
AEAD stands for Authenticated Encryption with Associated Data.
AEAD algorithms provide both encryption and authentication in a single step, making the process a lot simpler.
For example, the cipher suite TLS_CHACHA20_POLY1305_SHA256 uses ChaCha20-Poly1305, as an AEAD cipher, and SHA-256 as a hash function for the Key Derivation Function. (Reminder: Key Derivation Function is used in TLS handshake to derive many keys)
Key Features About CHACHA20
- It’s a symmetric key encryption algorithm
- Developed by Google
- Simple design and implementation, making it faster than AES
- Known for its security and high speed.
- Generates a stream of pseudo-random bits called the key-stream. This key-stream is then XORed with the plaintext to produce the cipher-text.
- Widely Supported
Encryption & Integrity with ChaCha20
Okay, now the fun part.
Let’s visualize how the elegant design of ChaCha20 integrates with Poly1305.
First step is encrypt with CHACHA20.
At a high level, ChaCha20 will take as inputs a shared secret key, a nonce, and a counter.
Think of the nonce and counter as params used to increase the unpredictability and randomness of the cipher text.
The "20" in "ChaCha20" refers to the number of rounds the algorithm goes through to process the data. These rounds involve various operations such as bit manipulations, addition, rotation, and XOR operations.
There exists reduced round versions of ChaCha20 called ChaCha12 and ChaCha8.
Based on these inputs, the ChaCha20 algorithm generates a pseudorandom stream of bits called the key-stream.
Then, this key-stream is XORed with JayP’s plaintext message to produce the cipher text, in other words, the encrypted message.
After that, the encrypted message, and unencrypted associated data such as addresses, ports, timestamps, together with the nonce and the secret key are inputs of POLY1305.
The MAC (Message Authentication Code) algorithm POLY1305 will output a MAC.
The MAC, also referred to as the authentication tag, will be sent along with the encrypted message.
Verification with ChaCha20
Youtube, to decrypt and verify the message, would perform the reverse of the steps explained earlier.
1. Verification:
- Youtube calculates the authentication tag from the received cipher text, the shared secret key, the associated data, and the nonce.
- The calculated authentication tag is compared to the received authentication tag.
- If they match, Youtube knows that the received message has not been altered.
2. Decryption:
- The ChaCha20 stream cipher is used with all necessary params to generate the same pseudo random stream, which is XORed with the received cipher text to produce the plaintext.
Also Published here.
For the Animated Interactive Version:
