ChaCha20
What is ChaCha20?
ChaCha20 is a symmetric stream cipher designed by Daniel J. Bernstein.
It uses the same key for encryption and decryption and is a modern, secure alternative to older ciphers like RC4 and some AES modes.
Known for high speed, strong security, and resistance to timing attacks—ideal for mobile and embedded platforms.
Why is ChaCha20 useful?
High performance – Faster than AES on many systems without AES hardware support
Strong security – 256-bit key, 96-bit nonce, and robust resistance to cryptographic attacks
Simplicity – Easy to implement with fewer chances of implementation errors
Constant-time operation – Prevents timing-based side-channel attacks
Ideal for mobile/IoT – Lightweight and efficient for resource-constrained environments
How it works
Key setup – Uses a 256-bit key and a 96-bit nonce
Keystream generation – Produces a pseudorandom keystream
Encryption – Plaintext is XORed with the keystream → ciphertext
Decryption – Ciphertext is XORed with the same keystream → original plaintext
Note – No padding required; suitable for variable-length data
Where is ChaCha20 used?
TLS/SSL (HTTPS) – In the ChaCha20-Poly1305 AEAD cipher suite
Mobile apps – For messaging, file encryption, and VPNs on Android/iOS
OpenSSH – Secure remote access using ChaCha20
WireGuard VPN – Lightweight VPN protocol using ChaCha20
Encrypted file storage – Used in tools like VeraCrypt and age
Which OSI layer does this protocol belong to?
Presentation Layer (Layer 6)
Performs encryption/decryption and ensures confidentiality and integrity
Formats and protects data before it’s delivered to applications
Topics in this section,
In this section, you are going to learn
Terminology
Version Info
ChaCha20 Version |
ChaCha20 Number |
Year |
Core Idea / Contribution |
|---|---|---|---|
Fundamental ChaCha20 Cipher |
RFC 7539 |
2015 |
Defines ChaCha20 and Poly1305 for IETF protocols; provides a secure, fast stream cipher alternative to AES. |
ChaCha20-Poly1305 in TLS |
RFC 7905 |
2016 |
Specifies how to use ChaCha20-Poly1305 AEAD cipher suites in TLS and DTLS for secure communication. |
Extended Nonce Variant (XChaCha20) |
RFC 8439 |
2018 |
Introduces XChaCha20 with a 192-bit nonce for better nonce reuse resistance and improved security. |
AEAD Construction (ChaCha20-Poly1305) |
Part of RFC 7539 |
2015 |
Combines ChaCha20 with Poly1305 MAC to provide authenticated encryption (AEAD). |
Setup
Setup
ChaCha20 Encryption Packet
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
1 |
ChaCha20 Encryption Packet |
Used to encrypt a message using a symmetric key and nonce. |
~128200+ Bytes |
Symmetric Key |
A 256-bit (32-byte) secret key used for encryption and decryption. |
32 |
|
Nonce |
A 96-bit (12-byte) unique number used once per encryption session. |
12 |
|
Counter |
A 32-bit (4-byte) block counter to ensure unique keystream blocks. |
4 |
|
Keystream Block |
Pseudorandom output generated per 64-byte block. |
64 (per block) |
|
Ciphertext |
Encrypted message (plaintext XORed with keystream). |
Variable |
ChaCha20-Poly1305 AEAD Packet
S.No |
Protocol Packets |
Description |
Size(Bytes) |
|---|---|---|---|
2 |
ChaCha20-Poly1305 AEAD Packet |
Used for authenticated encryption (AEAD) combining ChaCha20 and Poly1305 |
~160250+ Bytes |
Symmetric Key |
Same 256-bit key used for both encryption and authentication. |
32 |
|
Nonce |
96-bit nonce used to initialize the cipher. |
12 |
|
AAD (Additional Authenticated Data) |
Optional data authenticated but not encrypted. |
Variable |
|
Ciphertext |
Encrypted message. |
Variable |
|
Authentication Tag |
128-bit (16-byte) tag generated by Poly1305 to ensure integrity. |
16 |
S.no |
Use Case |
Description |
|---|---|---|
1 |
TLS/SSL Encryption |
Used in HTTPS connections as part of the ChaCha20-Poly1305 cipher suite for secure web communication, especially on mobile devices. |
2 |
VPN Protocols |
Adopted in modern VPNs like WireGuard for fast, secure, and lightweight encryption. |
3 |
Secure Messaging |
Used in apps like Signal and WhatsApp for encrypting messages and calls. |
4 |
Mobile & Embedded Devices |
Preferred over AES on devices without hardware acceleration due to its speed and resistance to timing attacks. |
5 |
OpenSSH |
Used as an alternative to AES for encrypting SSH sessions, improving performance on low-power systems. |
6 |
Disk & File Encryption |
Employed in tools like VeraCrypt and age for encrypting files and volumes. |
7 |
IoT Devices |
Ideal for constrained environments due to its low memory and CPU requirements. |
8 |
Browser Security |
Supported by major browsers (e.g., Chrome, Firefox) for secure HTTPS connections. |
9 |
Cryptographic Libraries |
Integrated into libraries like libsodium and BoringSSL for general-purpose encryption. |
10 |
Authenticated Encryption (AEAD) |
Used with Poly1305 to provide both confidentiality and integrity in a single operation. |
S.no |
Feature |
Description |
|---|---|---|
1 |
Symmetric Stream Cipher |
Uses the same key for encryption and decryption; operates as a stream cipher. |
2 |
256-bit Key |
Provides strong security using a 256-bit secret key. |
3 |
96-bit Nonce |
Ensures uniqueness for each encryption session to prevent keystream reuse. |
4 |
20 Rounds of Mixing |
Performs 20 rounds of cryptographic mixing for high diffusion and security. |
5 |
No Padding Required |
Stream cipher design eliminates the need for padding, simplifying implementation. |
6 |
Constant-Time Execution |
Resistant to timing attacks due to uniform execution time. |
7 |
High Performance in Software |
Faster than AES on platforms without hardware acceleration. |
8 |
Simple and Compact Design |
Easy to implement correctly, reducing risk of bugs and vulnerabilities. |
9 |
AEAD Support (with Poly1305) |
Supports authenticated encryption for confidentiality and integrity. |
10 |
Cross-Platform Compatibility |
Works efficiently on desktops, mobile devices, and embedded systems. |
Symmetric Stream Cipher - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Valid Encryption-Decryption |
Encrypt and decrypt with same key and nonce |
Original plaintext recovered |
2 |
Invalid Key |
Use incorrect key for decryption |
Decryption fails or returns garbage |
3 |
Invalid Nonce |
Use incorrect nonce |
Decryption fails |
4 |
Empty Plaintext |
Encrypt empty string |
Returns empty ciphertext |
5 |
Empty Key |
Use empty key |
Error raised |
6 |
Empty Nonce |
Use empty nonce |
Error raised |
7 |
Maximum Key Length |
Use 256-bit key |
Encryption successful |
8 |
Minimum Key Length |
Use less than 256-bit key |
Error or warning |
9 |
Nonce Reuse |
Reuse nonce with same key |
Security warning |
10 |
Unique Nonce per Message |
Use new nonce for each message |
Encryption secure |
11 |
Encrypt Binary Data |
Encrypt binary file |
Decryption restores original |
12 |
Encrypt Text Data |
Encrypt string |
Decryption returns original |
13 |
Encrypt Unicode Text |
Encrypt Unicode string |
Decryption successful |
14 |
Encrypt Large File |
Encrypt 1GB file |
Decryption successful |
15 |
Encrypt Small File |
Encrypt 1-byte file |
Decryption successful |
16 |
Encrypt with All-Zero Key |
Use all-zero key |
Encryption works but insecure |
17 |
Encrypt with All-One Key |
Use all-one key |
Encryption works |
18 |
Encrypt with Random Key |
Use random 256-bit key |
Encryption successful |
19 |
Encrypt with Random Nonce |
Use random 96-bit nonce |
Encryption successful |
20 |
Encrypt with Reused Key |
Use same key across sessions |
Works but not recommended |
21 |
Encrypt with Reused Nonce |
Reuse nonce with same key |
Vulnerable to attack |
22 |
Encrypt with Different Nonce |
Use different nonce |
Different ciphertext |
23 |
Encrypt with Different Key |
Use different key |
Different ciphertext |
24 |
Encrypt with Offset |
Start encryption at offset |
Output matches expected |
25 |
Decrypt with Offset |
Start decryption at offset |
Output matches expected |
26 |
Encrypt with Seek |
Seek to position in stream |
Output matches expected |
27 |
Encrypt with Stream API |
Use stream interface |
Works as expected |
28 |
Encrypt with Block API |
Use block interface |
Works as expected |
29 |
Encrypt with Python |
Use PyCryptodome |
Encryption successful |
30 |
Encrypt with Go |
Use Go crypto library |
Encryption successful |
31 |
Encrypt with Rust |
Use RustCrypto |
Encryption successful |
32 |
Encrypt with Java |
Use BouncyCastle |
Encryption successful |
33 |
Encrypt with C++ |
Use libsodium |
Encryption successful |
34 |
Encrypt with Node.js |
Use crypto module |
Encryption successful |
35 |
Encrypt with OpenSSL |
Use ChaCha20-Poly1305 |
Encryption successful |
36 |
Encrypt with Wrong Stream Position |
Use incorrect counter |
Decryption fails |
37 |
Encrypt with Correct Stream Position |
Use correct counter |
Decryption successful |
38 |
Encrypt with Short Nonce |
Use 64-bit nonce |
Error or warning |
39 |
Encrypt with Long Nonce |
Use 128-bit nonce |
Error or warning |
40 |
Encrypt with 96-bit Nonce |
Use standard nonce size |
Encryption successful |
41 |
Encrypt with IV Misuse |
Use IV as nonce |
Security warning |
42 |
Encrypt with Key Derivation |
Derive key from password |
Key used successfully |
43 |
Encrypt with Key Rotation |
Rotate key periodically |
Encryption remains valid |
44 |
Encrypt with Key Expiry |
Use expired key |
Operation denied |
45 |
Encrypt with Key Tampering |
Modify key mid-stream |
Decryption fails |
46 |
Encrypt with Logging Enabled |
Log encryption steps |
Logs show key/nonce usage |
47 |
Encrypt with Debug Mode |
Enable debug |
Internal state visible |
48 |
Encrypt with Performance Benchmark |
Measure speed |
High throughput |
49 |
Encrypt with Side-Channel Protection |
Use constant-time ops |
No leakage |
50 |
Encrypt with Compliance Check |
Validate against RFC 8439 |
Fully compliant |
256-bit Key - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Valid 256-bit Key |
Use a 32-byte key |
Encryption successful |
2 |
Invalid Key Length (Too Short) |
Use 16-byte key |
Error raised |
3 |
Invalid Key Length (Too Long) |
Use 40-byte key |
Error raised |
4 |
All-Zero Key |
Use 32 bytes of 0x00 |
Encryption works (but insecure) |
5 |
All-One Key |
Use 32 bytes of 0xFF |
Encryption works |
6 |
Random Key |
Use securely generated key |
Encryption successful |
7 |
Reused Key |
Use same key across sessions |
Works but not recommended |
8 |
Key Rotation |
Change key periodically |
Encryption remains valid |
9 |
Key Expiry |
Use expired key |
Operation denied |
10 |
Key Tampering |
Modify key mid-stream |
Decryption fails |
11 |
Key Format: Hex |
Provide key in hex |
Accepted |
12 |
Key Format: Binary |
Provide key in binary |
Accepted |
13 |
Key Format: Base64 |
Provide key in base64 |
Decoded and accepted |
14 |
Key Format: ASCII |
Provide ASCII string |
Converted or rejected |
15 |
Key Entropy Check |
Use low-entropy key |
Warning issued |
16 |
Key Entropy Check (High) |
Use high-entropy key |
Accepted |
17 |
Key Derivation |
Derive key from password |
Key generated correctly |
18 |
Key Agreement |
Use Diffie-Hellman to derive key |
Shared key used |
19 |
Key Storage |
Store key securely |
Key not exposed |
20 |
Key Retrieval |
Retrieve key from vault |
Key loaded correctly |
21 |
Key Logging |
Ensure key not logged |
Logs clean |
22 |
Key Audit Trail |
Track key usage |
Audit complete |
23 |
Key Access Control |
Restrict key access |
Unauthorized blocked |
24 |
Key Sharing |
Share key securely |
Key encrypted in transit |
25 |
Key Injection |
Inject key into secure module |
Key accepted |
26 |
Key Export |
Export key securely |
Key encrypted |
27 |
Key Import |
Import key |
Key validated |
28 |
Key Backup |
Backup key |
Backup successful |
29 |
Key Restore |
Restore from backup |
Key restored |
30 |
Key Comparison |
Compare two 256-bit keys |
Match or mismatch detected |
31 |
Key Collision |
Use two keys with same hash |
Different encryption results |
32 |
Key Reuse Detection |
Detect reused key |
Warning issued |
33 |
Key Validation |
Validate key length and format |
Key accepted or rejected |
34 |
Key with Nonce |
Use key with valid nonce |
Encryption successful |
35 |
Key with Invalid Nonce |
Use key with wrong nonce |
Decryption fails |
36 |
Key with Offset |
Use key with stream offset |
Output matches expected |
37 |
Key with Seek |
Seek to position in stream |
Output matches expected |
38 |
Key with Stream API |
Use key in stream mode |
Works as expected |
39 |
Key with Block API |
Use key in block mode |
Works as expected |
40 |
Key with AEAD |
Use key with ChaCha20-Poly1305 |
Authenticated encryption successful |
41 |
Key with AEAD Failure |
Use wrong key for AEAD |
Authentication fails |
42 |
Key with Performance Test |
Benchmark encryption |
High throughput |
43 |
Key with Side-Channel Protection |
Use constant-time ops |
No leakage |
44 |
Key with Compliance Check |
Validate against RFC 8439 |
Fully compliant |
45 |
Key with Hardware Acceleration |
Use hardware crypto |
Faster encryption |
46 |
Key with Software Library |
Use PyCryptodome or libsodium |
Key accepted |
47 |
Key with Cross-Platform Use |
Encrypt on one OS, decrypt on another |
Decryption successful |
48 |
Key with Language Interop |
Encrypt in Python, decrypt in Go |
Decryption successful |
49 |
Key with Legacy System |
Use in older system |
May not be supported |
50 |
Key with Modern System |
Use in modern crypto suite |
Fully supported |
96-bit Nonce - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Valid 96-bit Nonce |
Use 12-byte nonce |
Encryption successful |
2 |
Invalid Nonce Length (Too Short) |
Use 8-byte nonce |
Error raised |
3 |
Invalid Nonce Length (Too Long) |
Use 16-byte nonce |
Error raised |
4 |
All-Zero Nonce |
Use 12 bytes of 0x00 |
Encryption works (not recommended) |
5 |
All-One Nonce |
Use 12 bytes of 0xFF |
Encryption works |
6 |
Random Nonce |
Use securely generated nonce |
Encryption successful |
7 |
Reused Nonce with Same Key |
Encrypt two messages |
Security risk (keystream reuse) |
8 |
Unique Nonce per Message |
Use new nonce each time |
Secure encryption |
9 |
Nonce Collision Detection |
Detect reused nonce |
Warning or error |
10 |
Nonce Logging |
Log nonce used |
Nonce recorded |
11 |
Nonce Format: Hex |
Provide nonce in hex |
Accepted |
12 |
Nonce Format: Binary |
Provide nonce in binary |
Accepted |
13 |
Nonce Format: Base64 |
Provide nonce in base64 |
Decoded and accepted |
14 |
Nonce Format: ASCII |
Provide ASCII string |
Converted or rejected |
15 |
Nonce with Offset |
Use nonce with stream offset |
Output matches expected |
16 |
Nonce with Seek |
Seek to position in stream |
Output matches expected |
17 |
Nonce with Stream API |
Use nonce in stream mode |
Works as expected |
18 |
Nonce with Block API |
Use nonce in block mode |
Works as expected |
19 |
Nonce with AEAD |
Use nonce in ChaCha20-Poly1305 |
Authenticated encryption successful |
20 |
Nonce with AEAD Failure |
Use wrong nonce |
Authentication fails |
21 |
Nonce with Key Rotation |
Use new key with same nonce |
Secure if key is unique |
22 |
Nonce with Key Reuse |
Use same key and nonce |
Insecure |
23 |
Nonce with Expired Session |
Use nonce from old session |
Rejected or flagged |
24 |
Nonce with Replay Attack |
Replay encrypted message |
Detected if nonce tracked |
25 |
Nonce with Logging Disabled |
Disable nonce logging |
No nonce in logs |
26 |
Nonce with Debug Mode |
Enable debug |
Nonce visible in trace |
27 |
Nonce with Performance Test |
Benchmark with unique nonces |
High throughput |
28 |
Nonce with Side-Channel Protection |
Use constant-time ops |
No leakage |
29 |
Nonce with Compliance Check |
Validate against RFC 8439 |
Fully compliant |
30 |
Nonce with Hardware Crypto |
Use nonce in HSM |
Accepted |
31 |
Nonce with Software Library |
Use PyCryptodome/libsodium |
Nonce accepted |
32 |
Nonce with Cross-Platform Use |
Encrypt on one OS, decrypt on another |
Decryption successful |
33 |
Nonce with Language Interop |
Encrypt in Python, decrypt in Go |
Decryption successful |
34 |
Nonce with Legacy System |
Use in older system |
May not support 96-bit |
35 |
Nonce with Modern System |
Use in modern crypto suite |
Fully supported |
36 |
Nonce with All-Zero Key |
Use zero key and nonce |
Works but insecure |
37 |
Nonce with All-One Key |
Use all-one key and nonce |
Works |
38 |
Nonce with Random Key |
Use random key and nonce |
Secure encryption |
39 |
Nonce with Key Derivation |
Derive key, use nonce |
Works securely |
40 |
Nonce with Key Agreement |
Use DH key, apply nonce |
Secure session |
41 |
Nonce with Key Expiry |
Use expired key and nonce |
Operation denied |
42 |
Nonce with Key Tampering |
Modify key, use nonce |
Decryption fails |
43 |
Nonce with AEAD Replay |
Replay AEAD message |
Authentication fails |
44 |
Nonce with AEAD Logging |
Log nonce and tag |
Traceable |
45 |
Nonce with AEAD Integrity |
Modify ciphertext |
Tag verification fails |
46 |
Nonce with AEAD Confidentiality |
Modify nonce |
Decryption fails |
47 |
Nonce with AEAD Compliance |
Validate nonce use |
RFC 8439 compliant |
48 |
Nonce with AEAD Performance |
Benchmark AEAD with nonce |
High throughput |
49 |
Nonce with AEAD in TLS |
Use in TLS 1.3 |
Secure session |
50 |
Nonce with AEAD in SSH |
Use in OpenSSH |
Secure and supported |
20 Rounds of Mixing - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Standard 20 Rounds |
Run ChaCha20 with default rounds |
Encryption successful |
2 |
Reduced Rounds (8) |
Use 8 rounds |
Weaker encryption |
3 |
Reduced Rounds (12) |
Use 12 rounds |
Moderate security |
4 |
Increased Rounds (24) |
Use 24 rounds |
Higher security, slower |
5 |
Round Count Validation |
Set rounds to 20 |
Accepted |
6 |
Invalid Round Count (0) |
Set rounds to 0 |
Error raised |
7 |
Invalid Round Count (Odd) |
Set rounds to 15 |
Error or warning |
8 |
Round Function Output |
Inspect output after 20 rounds |
High diffusion |
9 |
Avalanche Effect |
Flip 1 input bit |
>50% output bits change |
10 |
Round-by-Round Logging |
Log state after each round |
All 20 rounds logged |
11 |
Round Key Mixing |
Verify key mixing in each round |
Keys influence output |
12 |
Quarter Round Function |
Test quarter round logic |
Output matches spec |
13 |
Column Round Execution |
Execute column rounds |
State updated correctly |
14 |
Diagonal Round Execution |
Execute diagonal rounds |
State updated correctly |
15 |
Round Symmetry |
Reverse round order |
Output differs |
16 |
Round Repetition |
Repeat a round |
Output deviates |
17 |
Round Skipping |
Skip a round |
Output deviates |
18 |
Round Order Change |
Change round sequence |
Output incorrect |
19 |
Round Function Isolation |
Test one round only |
Output partially diffused |
20 |
Round Function Timing |
Measure time per round |
Consistent timing |
21 |
Round Function Bit Sensitivity |
Flip 1 key bit |
Output changes significantly |
22 |
Round Function Input Size |
Use 512-bit input |
Accepted |
23 |
Round Function Output Size |
Output is 512 bits |
Validated |
24 |
Round Function with Padding |
Input with padding |
Padding handled |
25 |
Round Function with No Padding |
Input aligned |
No padding needed |
26 |
Round Function with ECB Mode |
Use ECB |
Rounds executed |
27 |
Round Function with CBC Mode |
Use CBC |
Rounds executed |
28 |
Round Function with CFB Mode |
Use CFB |
Rounds executed |
29 |
Round Function with OFB Mode |
Use OFB |
Rounds executed |
30 |
Round Function with CTR Mode |
Use CTR |
Rounds executed |
31 |
Round Function with IV |
Use IV |
IV applied before rounds |
32 |
Round Function with Fault Tolerance |
Simulate fault |
Error detected |
33 |
Round Function with Logging Disabled |
Disable logs |
No round logs |
34 |
Round Function with Debug Mode |
Enable debug |
Round internals visible |
35 |
Round Function with Hardware Acceleration |
Use hardware |
Faster execution |
36 |
Round Function with Software Library |
Use libsodium |
Rounds executed correctly |
37 |
Round Function with Compliance Check |
Validate against RFC 8439 |
All steps compliant |
38 |
Round Function with Side-Channel Protection |
Use constant-time ops |
No leakage |
39 |
Round Function with Performance Benchmark |
Measure speed |
High throughput |
40 |
Round Function with Cross-Platform Use |
Encrypt on one OS, decrypt on another |
Decryption successful |
41 |
Round Function with Language Interop |
Encrypt in Python, decrypt in Go |
Decryption successful |
42 |
Round Function with Legacy System |
Use in older system |
May not support full rounds |
43 |
Round Function with Modern System |
Use in modern crypto suite |
Fully supported |
44 |
Round Function with All-Zero Key |
Use zero key |
Still diffuses input |
45 |
Round Function with All-One Key |
Use all-one key |
Still diffuses input |
46 |
Round Function with Random Key |
Use random key |
Output unpredictable |
47 |
Round Function with Random Nonce |
Use random nonce |
Output unpredictable |
48 |
Round Function with Reused Nonce |
Use same nonce |
Output reused (insecure) |
49 |
Round Function with AEAD |
Use with Poly1305 |
Rounds executed before MAC |
50 |
Round Function with AEAD Failure |
Modify ciphertext |
Authentication fails |
No Padding Required - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Encrypt 1 Byte |
Encrypt single byte |
No padding added |
2 |
Encrypt 7 Bytes |
Encrypt 7-byte input |
No padding added |
3 |
Encrypt 8 Bytes |
Encrypt 8-byte input |
No padding added |
4 |
Encrypt 15 Bytes |
Encrypt 15-byte input |
No padding added |
5 |
Encrypt 16 Bytes |
Encrypt 16-byte input |
No padding added |
6 |
Encrypt 31 Bytes |
Encrypt 31-byte input |
No padding added |
7 |
Encrypt 32 Bytes |
Encrypt 32-byte input |
No padding added |
8 |
Encrypt 33 Bytes |
Encrypt 33-byte input |
No padding added |
9 |
Encrypt 100 Bytes |
Encrypt 100-byte input |
No padding added |
10 |
Encrypt 1MB File |
Encrypt large file |
No padding added |
11 |
Encrypt Empty Input |
Encrypt empty string |
No padding added |
12 |
Encrypt with Stream API |
Use stream interface |
No padding added |
13 |
Encrypt with Block API |
Use block interface |
No padding added |
14 |
Encrypt with AEAD |
Use ChaCha20-Poly1305 |
No padding added |
15 |
Encrypt with Offset |
Start at offset |
No padding added |
16 |
Encrypt with Seek |
Seek to stream position |
No padding added |
17 |
Encrypt with Random Length |
Encrypt random-length input |
No padding added |
18 |
Encrypt with Unicode |
Encrypt Unicode string |
No padding added |
19 |
Encrypt with Binary Data |
Encrypt binary file |
No padding added |
20 |
Encrypt with JSON |
Encrypt JSON string |
No padding added |
21 |
Encrypt with XML |
Encrypt XML string |
No padding added |
22 |
Encrypt with CSV |
Encrypt CSV data |
No padding added |
23 |
Encrypt with Image File |
Encrypt PNG/JPG |
No padding added |
24 |
Encrypt with Audio File |
Encrypt MP3/WAV |
No padding added |
25 |
Encrypt with Video File |
Encrypt MP4 |
No padding added |
26 |
Encrypt with Log File |
Encrypt .log file |
No padding added |
27 |
Encrypt with Config File |
Encrypt .ini/.yaml |
No padding added |
28 |
Encrypt with Executable |
Encrypt .exe/.bin |
No padding added |
29 |
Encrypt with Script File |
Encrypt .py/.sh |
No padding added |
30 |
Encrypt with HTML |
Encrypt HTML content |
No padding added |
31 |
Encrypt with PDF |
Encrypt PDF file |
No padding added |
32 |
Encrypt with Office Document |
Encrypt .docx/.xlsx |
No padding added |
33 |
Encrypt with Email Body |
Encrypt email text |
No padding added |
34 |
Encrypt with Chat Message |
Encrypt short message |
No padding added |
35 |
Encrypt with IoT Sensor Data |
Encrypt small packets |
No padding added |
36 |
Encrypt with API Payload |
Encrypt HTTP payload |
No padding added |
37 |
Encrypt with Database Field |
Encrypt DB column |
No padding added |
38 |
Encrypt with Password |
Encrypt password string |
No padding added |
39 |
Encrypt with Token |
Encrypt access token |
No padding added |
40 |
Encrypt with Session ID |
Encrypt session string |
No padding added |
41 |
Encrypt with Key Material |
Encrypt key blob |
No padding added |
42 |
Encrypt with Metadata |
Encrypt file metadata |
No padding added |
43 |
Encrypt with Checksum |
Encrypt hash/checksum |
No padding added |
44 |
Encrypt with Timestamp |
Encrypt time value |
No padding added |
45 |
Encrypt with UUID |
Encrypt unique ID |
No padding added |
46 |
Encrypt with Random Bytes |
Encrypt random buffer |
No padding added |
47 |
Encrypt with Structured Data |
Encrypt protobuf/CBOR |
No padding added |
48 |
Encrypt with Compressed Data |
Encrypt zipped file |
No padding added |
49 |
Encrypt with Encrypted Data |
Re-encrypt ciphertext |
No padding added |
50 |
Encrypt with Mixed Content |
Encrypt text + binary |
No padding added |
Constant-time Execution - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Encrypt Same Input Twice |
Encrypt same data twice |
Execution time consistent |
2 |
Encrypt Different Inputs |
Encrypt different data |
Execution time consistent |
3 |
Encrypt with All-Zero Key |
Use 0x00 key |
Execution time consistent |
4 |
Encrypt with All-One Key |
Use 0xFF key |
Execution time consistent |
5 |
Encrypt with Random Key |
Use random key |
Execution time consistent |
6 |
Encrypt with Short Input |
Encrypt 1 byte |
Execution time consistent |
7 |
Encrypt with Long Input |
Encrypt 1 MB |
Time scales linearly, no spikes |
8 |
Encrypt with Similar Inputs |
Encrypt similar plaintexts |
No timing variation |
9 |
Encrypt with Dissimilar Inputs |
Encrypt very different data |
No timing variation |
10 |
Encrypt with Reused Nonce |
Use same nonce |
Execution time consistent |
11 |
Encrypt with Unique Nonce |
Use different nonce |
Execution time consistent |
12 |
Encrypt with Same Key, Different Nonce |
Change nonce only |
No timing difference |
13 |
Encrypt with Same Nonce, Different Key |
Change key only |
No timing difference |
14 |
Decrypt Same Ciphertext |
Decrypt same data |
Time consistent |
15 |
Decrypt Different Ciphertexts |
Decrypt different data |
Time consistent |
16 |
Measure Execution Time (1KB) |
Encrypt 1KB |
Time within expected range |
17 |
Measure Execution Time (10KB) |
Encrypt 10KB |
Time scales linearly |
18 |
Measure Execution Time (100KB) |
Encrypt 100KB |
Time scales linearly |
19 |
Measure Execution Time (1MB) |
Encrypt 1MB |
Time scales linearly |
20 |
Timing with Hardware Acceleration |
Use hardware crypto |
Constant-time maintained |
21 |
Timing with Software Library |
Use libsodium |
Constant-time maintained |
22 |
Timing with Python |
Use PyCryptodome |
Constant-time behavior |
23 |
Timing with Go |
Use Go crypto |
Constant-time behavior |
24 |
Timing with Rust |
Use RustCrypto |
Constant-time behavior |
25 |
Timing with Java |
Use BouncyCastle |
Constant-time behavior |
26 |
Timing with C++ |
Use Crypto++ |
Constant-time behavior |
27 |
Timing with Node.js |
Use crypto module |
Constant-time behavior |
28 |
Timing with .NET |
Use System.Security |
Constant-time behavior |
29 |
Timing with OpenSSL |
Use ChaCha20 |
Constant-time behavior |
30 |
Timing with AEAD |
Use ChaCha20-Poly1305 |
Constant-time maintained |
31 |
Timing with AEAD Failure |
Modify tag |
Time does not reveal failure |
32 |
Timing with AEAD Success |
Valid tag |
Time indistinguishable from failure |
33 |
Timing with Invalid Key |
Use wrong key |
Time consistent |
34 |
Timing with Invalid Nonce |
Use wrong nonce |
Time consistent |
35 |
Timing with Invalid Ciphertext |
Corrupt ciphertext |
Time consistent |
36 |
Timing with Invalid Length |
Use incorrect length |
Time consistent |
37 |
Timing with Bit Flips |
Flip 1 bit in input |
No timing change |
38 |
Timing with All-Zero Input |
Encrypt 0x00 data |
Time consistent |
39 |
Timing with All-One Input |
Encrypt 0xFF data |
Time consistent |
40 |
Timing with Mixed Input |
Encrypt random data |
Time consistent |
41 |
Timing with Repeated Patterns |
Encrypt repeating bytes |
Time consistent |
42 |
Timing with Structured Data |
Encrypt JSON/XML |
Time consistent |
43 |
Timing with Binary Files |
Encrypt image/audio |
Time consistent |
44 |
Timing with Short Sessions |
Encrypt short message |
Time consistent |
45 |
Timing with Long Sessions |
Encrypt long stream |
Time scales linearly |
46 |
Timing with Seek |
Seek to stream position |
Time consistent |
47 |
Timing with Offset |
Start at offset |
Time consistent |
48 |
Timing with Logging Enabled |
Log during encryption |
No timing leak |
49 |
Timing with Debug Mode |
Enable debug |
No timing leak |
50 |
Timing with Side-Channel Test |
Simulate timing attack |
No key leakage detected |
High Performance in Software - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Encrypt 1KB with ChaCha20 |
Measure time |
Fast encryption |
2 |
Encrypt 1KB with AES (no hardware) |
Measure time |
Slower than ChaCha20 |
3 |
Encrypt 10MB with ChaCha20 |
Benchmark |
High throughput |
4 |
Encrypt 10MB with AES (software) |
Benchmark |
Lower throughput |
5 |
Decrypt 1KB with ChaCha20 |
Measure time |
Fast decryption |
6 |
Decrypt 1KB with AES (software) |
Measure time |
Slower decryption |
7 |
CPU Usage (ChaCha20) |
Monitor CPU during encryption |
Lower usage |
8 |
CPU Usage (AES) |
Monitor CPU during encryption |
Higher usage |
9 |
Memory Usage (ChaCha20) |
Monitor memory |
Efficient usage |
10 |
Memory Usage (AES) |
Monitor memory |
Slightly higher |
11 |
Mobile Device Performance |
Encrypt on Android |
ChaCha20 faster |
12 |
Embedded Device Performance |
Encrypt on IoT board |
ChaCha20 faster |
13 |
Desktop Performance |
Encrypt on x86 CPU |
ChaCha20 performs well |
14 |
Server Performance |
Encrypt on server without AES-NI |
ChaCha20 outperforms AES |
15 |
Encrypt with Python |
Use PyCryptodome |
ChaCha20 faster |
16 |
Encrypt with Go |
Use Go crypto |
ChaCha20 faster |
17 |
Encrypt with Rust |
Use RustCrypto |
ChaCha20 faster |
18 |
Encrypt with Java |
Use BouncyCastle |
ChaCha20 faster |
19 |
Encrypt with Node.js |
Use crypto module |
ChaCha20 faster |
20 |
Encrypt with C++ |
Use libsodium |
ChaCha20 faster |
21 |
Encrypt with .NET |
Use System.Security |
ChaCha20 performs well |
22 |
Encrypt with OpenSSL |
Use ChaCha20 |
High performance |
23 |
Encrypt with WebAssembly |
Run in browser |
ChaCha20 performs well |
24 |
Encrypt with ARM CPU |
Use Raspberry Pi |
ChaCha20 faster |
25 |
Encrypt with RISC-V |
Use RISC-V board |
ChaCha20 performs well |
26 |
Encrypt with No SIMD |
Disable vector instructions |
ChaCha20 still fast |
27 |
Encrypt with SIMD |
Use vectorized ChaCha20 |
Even faster |
28 |
Encrypt with Multi-threading |
Parallel encryption |
High throughput |
29 |
Encrypt with Single Thread |
No parallelism |
Still fast |
30 |
Encrypt with Low Power Mode |
Use energy-saving CPU mode |
ChaCha20 efficient |
31 |
Encrypt with Battery Constraints |
Mobile device test |
ChaCha20 conserves power |
32 |
Encrypt with AES-NI Disabled |
Disable AES hardware |
ChaCha20 faster |
33 |
Encrypt with AES-NI Enabled |
Enable AES hardware |
AES faster |
34 |
Encrypt with AES-GCM |
Compare with ChaCha20-Poly1305 |
ChaCha20 faster in software |
35 |
Encrypt with ChaCha20-Poly1305 |
Use AEAD mode |
High performance |
36 |
Encrypt with Short Messages |
Encrypt 64-byte packets |
ChaCha20 faster |
37 |
Encrypt with Long Messages |
Encrypt 1MB file |
ChaCha20 scales well |
38 |
Encrypt with Streaming Data |
Encrypt live stream |
ChaCha20 performs well |
39 |
Encrypt with File System |
Encrypt files on disk |
ChaCha20 faster |
40 |
Encrypt with Network Packets |
Encrypt UDP/TCP payloads |
ChaCha20 faster |
41 |
Encrypt with TLS |
Use ChaCha20 in TLS 1.3 |
Fast handshake and data |
42 |
Encrypt with SSH |
Use ChaCha20 in OpenSSH |
Fast session setup |
43 |
Encrypt with VPN |
Use ChaCha20 in WireGuard |
High throughput |
44 |
Encrypt with Messaging App |
Use ChaCha20 in Signal |
Fast message encryption |
45 |
Encrypt with Email Client |
Use ChaCha20 in S/MIME |
Fast encryption |
46 |
Encrypt with Cloud Function |
Run in serverless environment |
ChaCha20 efficient |
47 |
Encrypt with Container |
Run in Docker |
ChaCha20 performs well |
48 |
Encrypt with Virtual Machine |
Run in VM |
ChaCha20 performs well |
49 |
Encrypt with No Hardware Support |
Use generic CPU |
ChaCha20 outperforms AES |
50 |
Encrypt with Hardware Support |
Use AES-NI |
AES faster, but ChaCha20 still competitive |
Design - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Minimal Implementation |
Implement core ChaCha20 in <200 lines |
Functional and secure |
2 |
No Lookup Tables |
Verify no S-boxes or tables used |
Confirmed |
3 |
No Branching on Secret Data |
Check for constant-time logic |
No timing leaks |
4 |
Stateless Core Function |
Test core function |
Stateless and deterministic |
5 |
Easy Key Setup |
Initialize with 256-bit key |
Simple and direct |
6 |
Easy Nonce Setup |
Initialize with 96-bit nonce |
Simple and direct |
7 |
No Padding Logic |
Encrypt arbitrary-length input |
No padding required |
8 |
No Mode-Specific Logic |
No need for ECB/CBC logic |
Simplified design |
9 |
No IV Misuse Risk |
Use nonce instead of IV |
Safer design |
10 |
No Key Expansion Needed |
Use key directly |
No extra derivation |
11 |
No Complex State Machine |
Encrypt with simple loop |
Easy to follow |
12 |
No External Dependencies |
Implement without libraries |
Works standalone |
13 |
Easy to Port |
Port to embedded C |
Works with minimal changes |
14 |
Easy to Port to Python |
Implement in Python |
Works with basic types |
15 |
Easy to Port to Rust |
Implement in Rust |
Safe and compact |
16 |
Easy to Port to Go |
Implement in Go |
Simple and readable |
17 |
Easy to Port to JavaScript |
Implement in JS |
Works in browser |
18 |
Easy to Port to Java |
Implement in Java |
Works with standard libs |
19 |
Easy to Port to C++ |
Implement in C++ |
Works with STL |
20 |
Easy to Port to .NET |
Implement in C# |
Works with built-in types |
21 |
Easy to Audit |
Review code manually |
Logic is clear |
22 |
Easy to Test |
Write unit tests |
All pass |
23 |
Easy to Debug |
Trace internal state |
Predictable behavior |
24 |
Easy to Document |
Add comments |
Code is self-explanatory |
25 |
Easy to Maintain |
Update implementation |
Minimal effort |
26 |
Easy to Integrate |
Add to existing app |
Minimal dependencies |
27 |
Easy to Validate |
Compare against test vectors |
Matches expected output |
28 |
Easy to Benchmark |
Measure performance |
Consistent results |
29 |
Easy to Optimize |
Improve performance |
No structural changes |
30 |
Easy to Secure |
Avoid side-channel leaks |
Constant-time logic |
31 |
No Key Schedule Bugs |
Use key directly |
No expansion errors |
32 |
No Block Alignment Issues |
Encrypt any length |
No alignment logic |
33 |
No Cipher Mode Confusion |
Stream cipher only |
No mode selection needed |
34 |
No MAC Confusion |
Use Poly1305 separately |
Clear separation |
35 |
No Buffer Overflows |
Use safe indexing |
No crashes |
36 |
No Memory Leaks |
Use managed memory |
Clean execution |
37 |
No Undefined Behavior |
Use standard types |
Safe execution |
38 |
No Platform-Specific Code |
Run on any OS |
Portable |
39 |
No Architecture-Specific Code |
Run on any CPU |
Portable |
40 |
No Licensing Issues |
Use open-source license |
Free to use |
41 |
No Patent Restrictions |
Use freely |
No legal risk |
42 |
No Obscure Constants |
Use readable constants |
Easy to verify |
43 |
No Hidden State |
All state is visible |
Transparent logic |
44 |
No External RNG Required |
Deterministic output |
No entropy needed |
45 |
No Complex Error Handling |
Simple return values |
Easy to manage |
46 |
No Special Hardware Needed |
Run on basic CPU |
No acceleration required |
47 |
No Special Compiler Flags |
Compile with defaults |
Works out of the box |
48 |
No Special Libraries Needed |
Use standard language features |
Lightweight |
49 |
No Complex Build System |
Compile with single file |
Easy to build |
50 |
No Special Permissions |
Run in user space |
No elevated access needed |
AEAD Support (with poly1305) - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Valid AEAD Encryption |
Encrypt with key, nonce, plaintext, AAD |
Ciphertext and tag generated |
2 |
Valid AEAD Decryption |
Decrypt with correct inputs |
Plaintext recovered |
3 |
Invalid Tag |
Modify authentication tag |
Decryption fails |
4 |
Modified Ciphertext |
Alter ciphertext |
Authentication fails |
5 |
Modified AAD |
Alter associated data |
Authentication fails |
6 |
Missing AAD |
Omit AAD during decryption |
Authentication fails |
7 |
Empty AAD |
Use empty AAD |
Encryption and decryption succeed |
8 |
Empty Plaintext |
Encrypt empty message with AAD |
Tag generated, no ciphertext |
9 |
Empty Ciphertext |
Decrypt empty ciphertext with AAD |
Empty plaintext recovered |
10 |
Empty Tag |
Omit tag |
Decryption fails |
11 |
Valid AAD |
Use valid associated data |
Authenticated successfully |
12 |
Long AAD |
Use 1MB AAD |
Authenticated successfully |
13 |
Short AAD |
Use 1-byte AAD |
Authenticated successfully |
14 |
Valid Nonce |
Use 96-bit nonce |
Encryption succeeds |
15 |
Reused Nonce |
Reuse nonce with same key |
Security risk (test warning) |
16 |
Unique Nonce |
Use new nonce per message |
Secure encryption |
17 |
Valid Key |
Use 256-bit key |
Encryption succeeds |
18 |
Invalid Key Length |
Use 128-bit key |
Error raised |
19 |
Valid Tag Length |
Use 16-byte tag |
Authentication succeeds |
20 |
Invalid Tag Length |
Use 8-byte tag |
Authentication fails |
21 |
AEAD with JSON AAD |
Use JSON as AAD |
Authenticated successfully |
22 |
AEAD with Binary AAD |
Use binary AAD |
Authenticated successfully |
23 |
AEAD with Unicode AAD |
Use Unicode AAD |
Authenticated successfully |
24 |
AEAD with Structured AAD |
Use structured data |
Authenticated successfully |
25 |
AEAD with Random AAD |
Use random bytes |
Authenticated successfully |
26 |
AEAD with Repeated AAD |
Use same AAD across messages |
Works if nonce is unique |
27 |
AEAD with No AAD |
Skip AAD |
Still secure |
28 |
AEAD with All-Zero Key |
Use 0x00 key |
Works but insecure |
29 |
AEAD with All-One Key |
Use 0xFF key |
Works |
30 |
AEAD with Random Key |
Use securely generated key |
Works securely |
31 |
AEAD with All-Zero Nonce |
Use 0x00 nonce |
Works but insecure |
32 |
AEAD with Random Nonce |
Use securely generated nonce |
Secure encryption |
33 |
AEAD with Short Message |
Encrypt 1-byte message |
Works |
34 |
AEAD with Long Message |
Encrypt 1MB message |
Works |
35 |
AEAD with Streaming Data |
Encrypt stream chunks |
Authenticated per chunk |
36 |
AEAD with File Data |
Encrypt file contents |
Authenticated successfully |
37 |
AEAD with Network Packet |
Encrypt UDP payload |
Authenticated successfully |
38 |
AEAD with TLS |
Use in TLS 1.3 |
Secure session |
39 |
AEAD with SSH |
Use in OpenSSH |
Secure session |
40 |
AEAD with VPN |
Use in WireGuard |
Secure tunnel |
41 |
AEAD with IoT Device |
Encrypt sensor data |
Secure and efficient |
42 |
AEAD with Mobile App |
Encrypt messages |
Secure and fast |
43 |
AEAD with Web App |
Encrypt API payload |
Authenticated successfully |
44 |
AEAD with Email |
Encrypt email body |
Authenticated successfully |
45 |
AEAD with Token |
Encrypt and authenticate token |
Secure token |
46 |
AEAD with Session ID |
Encrypt session data |
Authenticated successfully |
47 |
AEAD with Replay Attack |
Replay encrypted message |
Detected via nonce tracking |
48 |
AEAD with Timing Attack |
Measure decryption time |
Constant-time behavior |
49 |
AEAD with Compliance Check |
Validate against RFC 8439 |
Fully compliant |
50 |
AEAD with Cross-Platform Use |
Encrypt in Python, decrypt in Go |
Decryption successful |
Cross-Platform Compatibility - Testcases
# |
Test Case |
Description |
Expected Result |
|---|---|---|---|
1 |
Encrypt on Windows |
Run ChaCha20 on Windows OS |
Encryption successful |
2 |
Encrypt on Linux |
Run ChaCha20 on Linux OS |
Encryption successful |
3 |
Encrypt on macOS |
Run ChaCha20 on macOS |
Encryption successful |
4 |
Encrypt on Android |
Run ChaCha20 in Android app |
Encryption successful |
5 |
Encrypt on iOS |
Run ChaCha20 in iOS app |
Encryption successful |
6 |
Encrypt on Raspberry Pi |
Run ChaCha20 on ARM CPU |
Encryption successful |
7 |
Encrypt on Arduino |
Run ChaCha20 on microcontroller |
Encryption successful |
8 |
Encrypt on ESP32 |
Run ChaCha20 on embedded Wi-Fi chip |
Encryption successful |
9 |
Encrypt on WebAssembly |
Run ChaCha20 in browser |
Encryption successful |
10 |
Encrypt on Docker |
Run ChaCha20 in container |
Encryption successful |
11 |
Encrypt on Virtual Machine |
Run ChaCha20 in VM |
Encryption successful |
12 |
Encrypt on Cloud Function |
Run ChaCha20 in serverless environment |
Encryption successful |
13 |
Encrypt with Python |
Use PyCryptodome |
Works on all platforms |
14 |
Encrypt with Go |
Use Go crypto library |
Works on all platforms |
15 |
Encrypt with Rust |
Use RustCrypto |
Works on all platforms |
16 |
Encrypt with Java |
Use BouncyCastle |
Works on all platforms |
17 |
Encrypt with Node.js |
Use crypto module |
Works on all platforms |
18 |
Encrypt with C++ |
Use libsodium |
Works on all platforms |
19 |
Encrypt with .NET |
Use System.Security |
Works on Windows, Linux, macOS |
20 |
Encrypt with OpenSSL |
Use ChaCha20 CLI |
Works on all platforms |
21 |
Encrypt with Android NDK |
Use native C/C++ |
Works on Android |
22 |
Encrypt with iOS Swift |
Use CryptoKit |
Works on iOS |
23 |
Encrypt with Flutter |
Use Dart plugin |
Works on Android and iOS |
24 |
Encrypt with React Native |
Use JS module |
Works on Android and iOS |
25 |
Encrypt with Xamarin |
Use C# |
Works on Android and iOS |
26 |
Encrypt with Unity |
Use C# plugin |
Works on all gaming platforms |
27 |
Encrypt with Web App |
Run in browser |
Works on all OSes |
28 |
Encrypt with CLI Tool |
Run from terminal |
Works on all OSes |
29 |
Encrypt with API Server |
Run in backend |
Works on all cloud platforms |
30 |
Encrypt with IoT Gateway |
Run on edge device |
Encryption successful |
31 |
Encrypt with Smartwatch |
Run on wearable OS |
Encryption successful |
32 |
Encrypt with Smart TV |
Run on Android TV |
Encryption successful |
33 |
Encrypt with Automotive OS |
Run on car infotainment system |
Encryption successful |
34 |
Encrypt with POS Terminal |
Run on payment device |
Encryption successful |
35 |
Encrypt with ATM Software |
Run on banking terminal |
Encryption successful |
36 |
Encrypt with Medical Device |
Run on embedded health monitor |
Encryption successful |
37 |
Encrypt with Industrial Controller |
Run on PLC |
Encryption successful |
38 |
Encrypt with Satellite Firmware |
Run on space-grade hardware |
Encryption successful |
39 |
Encrypt with Drone Firmware |
Run on flight controller |
Encryption successful |
40 |
Encrypt with Game Console |
Run on console OS |
Encryption successful |
41 |
Encrypt with Chromebook |
Run in ChromeOS |
Encryption successful |
42 |
Encrypt with eReader |
Run on Kindle or Kobo |
Encryption successful |
43 |
Encrypt with Smart Speaker |
Run on voice assistant |
Encryption successful |
44 |
Encrypt with Smart Home Hub |
Run on home automation device |
Encryption successful |
45 |
Encrypt with Router Firmware |
Run on OpenWRT |
Encryption successful |
46 |
Encrypt with NAS Device |
Run on storage server |
Encryption successful |
47 |
Encrypt with Legacy System |
Run on older OS |
Encryption successful |
48 |
Encrypt with ARM64 |
Run on 64-bit ARM CPU |
Encryption successful |
49 |
Encrypt with x86_64 |
Run on Intel/AMD CPU |
Encryption successful |
50 |
Encrypt with RISC-V |
Run on open-source CPU |
Encryption successful |
Reference links