XChaCha20-Poly1305 AEAD construction
E268251
XChaCha20-Poly1305 AEAD construction is an authenticated encryption scheme that extends ChaCha20-Poly1305 with a longer nonce for improved security and robustness against nonce reuse.
All labels observed (4)
| Label | Occurrences |
|---|---|
| ChaCha20-Poly1305 AEAD construction | 1 |
| Noise_XX_25519_ChaChaPoly_BLAKE2s | 1 |
| XChaCha20 | 1 |
| XChaCha20-Poly1305 AEAD construction canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T2271414 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: XChaCha20-Poly1305 AEAD construction Context triple: [RFC 8439, specifies, XChaCha20-Poly1305 AEAD construction]
-
A.
AEAD_CHACHA20_POLY1305
AEAD_CHACHA20_POLY1305 is an authenticated encryption algorithm that combines the ChaCha20 stream cipher with the Poly1305 message authentication code to provide both confidentiality and integrity for data.
-
B.
ChaCha20
ChaCha20 is a modern stream cipher designed by Daniel J. Bernstein, widely used for its high performance and strong security in protocols like TLS.
-
C.
AES-Poly1305
AES-Poly1305 is an authenticated encryption scheme that pairs the AES block cipher with the Poly1305 message authentication code to provide both confidentiality and integrity.
-
D.
Poly1305
Poly1305 is a high-speed message authentication code (MAC) algorithm commonly used with stream ciphers like ChaCha20 to provide data integrity and authenticity.
-
E.
Salsa20
Salsa20 is a high-speed stream cipher designed by Daniel J. Bernstein, widely used in modern cryptography for its strong security and efficient software performance.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: XChaCha20-Poly1305 AEAD construction Target entity description: XChaCha20-Poly1305 AEAD construction is an authenticated encryption scheme that extends ChaCha20-Poly1305 with a longer nonce for improved security and robustness against nonce reuse.
-
A.
AEAD_CHACHA20_POLY1305
AEAD_CHACHA20_POLY1305 is an authenticated encryption algorithm that combines the ChaCha20 stream cipher with the Poly1305 message authentication code to provide both confidentiality and integrity for data.
-
B.
ChaCha20
ChaCha20 is a modern stream cipher designed by Daniel J. Bernstein, widely used for its high performance and strong security in protocols like TLS.
-
C.
AES-Poly1305
AES-Poly1305 is an authenticated encryption scheme that pairs the AES block cipher with the Poly1305 message authentication code to provide both confidentiality and integrity.
-
D.
Poly1305
Poly1305 is a high-speed message authentication code (MAC) algorithm commonly used with stream ciphers like ChaCha20 to provide data integrity and authenticity.
-
E.
Salsa20
Salsa20 is a high-speed stream cipher designed by Daniel J. Bernstein, widely used in modern cryptography for its strong security and efficient software performance.
- F. None of above. chosen
Statements (46)
| Predicate | Object |
|---|---|
| instanceOf |
AEAD construction
ⓘ
authenticated encryption with associated data scheme ⓘ |
| avoids | AES-specific side-channel issues on some platforms ⓘ |
| basedOn |
ChaCha20
ⓘ
surface form:
ChaCha20 stream cipher
Poly1305 one-time MAC ⓘ |
| category | symmetric-key cryptography ⓘ |
| designedFor | software efficiency without specialized hardware instructions ⓘ |
| designedTo |
allow random nonces
ⓘ
improve robustness against nonce reuse ⓘ |
| encryptionMode | stream cipher with one-time MAC ⓘ |
| extends |
XChaCha20-Poly1305 AEAD construction
self-linksurface differs
ⓘ
surface form:
ChaCha20-Poly1305 AEAD construction
|
| hasKeyLength |
256 bits
ⓘ
32 bytes ⓘ |
| hasNonceLength |
192 bits
ⓘ
24 bytes ⓘ |
| hasTagLength |
128 bits
ⓘ
16 bytes ⓘ |
| implementedIn |
BoringSSL
ⓘ
Go crypto/x/crypto packages ⓘ Rust crates such as chacha20poly1305 ⓘ libsodium ⓘ |
| nonceMisuseResistance | improved but not fully misuse-resistant ⓘ |
| origin | proposed by cryptographers including Jason A. Donenfeld and others in the context of extended-nonce ChaCha ⓘ |
| performance | similar to ChaCha20-Poly1305 on modern CPUs ⓘ |
| providesProperty |
authenticity
ⓘ
confidentiality ⓘ integrity ⓘ |
| recommendedFor |
applications requiring large number of encryptions per key
ⓘ
applications where nonce uniqueness cannot be guaranteed ⓘ |
| requires | unique key and nonce pair for strongest security guarantees ⓘ |
| securityDependsOn |
pseudorandomness of ChaCha20
ⓘ
unforgeability of Poly1305 MAC ⓘ |
| securityGoal | IND-CCA2 security under standard assumptions ⓘ |
| standardizedIn | IETF draft libsodium documentation (non-RFC, library specification) ⓘ |
| suitableFor |
datagram encryption
ⓘ
file encryption ⓘ network protocols ⓘ |
| supports | associated data ⓘ |
| tagComputation | Poly1305 over ciphertext and associated data ⓘ |
| thenUses | ChaCha20-Poly1305 with derived subkey and remaining 64-bit nonce ⓘ |
| usesBlockFunction | ChaCha20 quarter-round function ⓘ |
| usesCipher |
XChaCha20-Poly1305 AEAD construction
self-linksurface differs
ⓘ
surface form:
XChaCha20
|
| usesConstruction | HChaCha20 key derivation for subkey ⓘ |
| usesKeyDerivation | HChaCha20 to derive subkey from main key and first 128 bits of nonce ⓘ |
| usesMAC | Poly1305 ⓘ |
| usesNonceStructure | 192-bit nonce split into 128-bit extended nonce and 64-bit ChaCha20 nonce ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: XChaCha20-Poly1305 AEAD construction Description of subject: XChaCha20-Poly1305 AEAD construction is an authenticated encryption scheme that extends ChaCha20-Poly1305 with a longer nonce for improved security and robustness against nonce reuse.
Referenced by (4)
Full triples — surface form annotated when it differs from this entity's canonical label.