ChaCha20-Poly1305

Pairs the ChaCha20 stream cipher with the Poly1305 message authentication code.

Difficulty: Advanced

How it works

  1. ChaCha20-Poly1305 takes a 256-bit key and a 96-bit nonce. ChaCha20 generates the keystream that encrypts the plaintext.
  2. Poly1305 is a fast one-time message authentication code. It uses part of the key material and the ciphertext (plus associated data) to produce an authentication tag.
  3. During encryption you get ciphertext plus a tag. During decryption you recompute the tag; if it does not match, you treat the message as invalid and do not reveal the plaintext.
  4. ChaCha20-Poly1305 is designed to be secure even on devices without hardware AES and to be resistant to timing attacks.
  5. In libraries you typically call a high-level function that takes key, nonce, plaintext and associated data and returns ciphertext plus tag.
Press Shift + Enter

What is it?

ChaCha20-Poly1305 is an Authenticated Encryption with Associated Data (AEAD) construction that pairs the ChaCha20 stream cipher with the Poly1305 message authentication code. Much like AES-GCM, it guarantees both the privacy and the integrity of data. However, because it relies on the ARX (Add-Rotate-XOR) design of ChaCha20, it is exceptionally fast on mobile and IoT devices that lack dedicated cryptographic hardware. Standardized by the IETF, it is the primary fallback (and often preferred alternative) to AES-GCM in modern secure protocols.

Try it yourself

Can you decrypt this challenge?

VHVY GUVF ZRNGL (example ciphertext)

Where this shows up today

To provide a secure, authenticated encryption scheme that drastically outperforms AES on hardware lacking dedicated cryptographic instructions.