#stream-cipher #xchacha20 #random #chacha8 #chacha12

no-std chacha20

The ChaCha20 stream cipher (RFC 8439) implemented in pure Rust using traits from the RustCrypto cipher crate, with optional architecture-specific hardware acceleration (AVX2, SSE2). Additionally provides the ChaCha8, ChaCha12, XChaCha20, XChaCha12 and XChaCha8 stream ciphers, and also optional rand_core-compatible RNGs based on those ciphers.

22 releases

0.10.0-pre.2 Oct 7, 2024
0.10.0-pre.1 Jul 27, 2024
0.9.1 Apr 1, 2023
0.9.0 Feb 21, 2022
0.0.0 Oct 6, 2016

#1322 in Cryptography

Download history 214409/week @ 2024-08-20 234840/week @ 2024-08-27 246254/week @ 2024-09-03 211890/week @ 2024-09-10 206786/week @ 2024-09-17 220087/week @ 2024-09-24 238477/week @ 2024-10-01 224784/week @ 2024-10-08 251999/week @ 2024-10-15 246029/week @ 2024-10-22 222163/week @ 2024-10-29 228554/week @ 2024-11-05 260311/week @ 2024-11-12 251160/week @ 2024-11-19 226585/week @ 2024-11-26 221291/week @ 2024-12-03

999,095 downloads per month
Used in 1,343 crates (102 directly)

Apache-2.0 OR MIT

98KB
2K SLoC

RustCrypto: ChaCha20

Crate Docs Apache2/MIT licensed Rust Version Project Chat Build Status HAZMAT

Pure Rust implementation of the ChaCha20 Stream Cipher.

Documentation

About

ChaCha20 is a stream cipher which is designed to support high-performance software implementations.

It improves upon the previous Salsa20 stream cipher with increased per-round diffusion at no cost to performance.

This crate also contains an implementation of XChaCha20: a variant of ChaCha20 with an extended 192-bit (24-byte) nonce, gated under the chacha20 Cargo feature (on-by-default).

Implementations

This crate contains the following implementations of ChaCha20, all of which work on stable Rust with the following RUSTFLAGS:

  • x86 / x86_64
    • avx2: (~1.4cpb) -Ctarget-cpu=haswell -Ctarget-feature=+avx2
    • sse2: (~2.5cpb) -Ctarget-feature=+sse2 (on by default on x86 CPUs)
  • aarch64
    • neon (~2-3x faster than soft) requires Rust 1.61+ and the neon feature enabled
  • Portable
    • soft: (~5 cpb on x86/x86_64)

NOTE: cpb = cycles per byte (smaller is better)

Security

⚠️ Warning: Hazmat!

This crate does not ensure ciphertexts are authentic (i.e. by using a MAC to verify ciphertext integrity), which can lead to serious vulnerabilities if used incorrectly!

To avoid this, use an AEAD mode based on ChaCha20, i.e. ChaCha20Poly1305. See the RustCrypto/AEADs repository for more information.

USE AT YOUR OWN RISK!

Notes

This crate has received one security audit by NCC Group, with no significant findings. We would like to thank MobileCoin for funding the audit.

All implementations contained in the crate (along with the underlying ChaCha20 stream cipher itself) are designed to execute in constant time.

Minimum Supported Rust Version

Rust 1.65 or higher.

Minimum supported Rust version can be changed in the future, but it will be done with a minor version bump.

SemVer Policy

  • All on-by-default features of this library are covered by SemVer
  • MSRV is considered exempt from SemVer as noted above

License

Licensed under either of:

at your option.

Contribution

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Dependencies

~0.3–0.8MB
~17K SLoC