XSalsa20-Poly1305
E792090
XSalsa20-Poly1305 is an authenticated encryption scheme that combines the XSalsa20 stream cipher with the Poly1305 message authentication code to provide both confidentiality and integrity for messages.
Statements (38)
| Predicate | Object |
|---|---|
| instanceOf | authenticated encryption scheme ⓘ |
| basedOn | Salsa20-Poly1305 NERFINISHED ⓘ |
| category | modern cryptography ⓘ |
| commonlyUsedIn | NaCl crypto_secretbox API NERFINISHED ⓘ |
| designedBy | Daniel J. Bernstein NERFINISHED ⓘ |
| designedFor | long nonces ⓘ |
| encryptionMode | AEAD NERFINISHED ⓘ |
| encryptionType | symmetric-key ⓘ |
| extends | Salsa20 NERFINISHED ⓘ |
| implementationStyle | constant-time (in well-written libraries) ⓘ |
| keySize | 256-bit ⓘ |
| nonceDerivation | HSalsa20-based subkey derivation ⓘ |
| nonceRequirement | unique per key ⓘ |
| nonceSize | 192-bit ⓘ |
| operation | encrypt-then-MAC ⓘ |
| outputComponents |
authentication tag
ⓘ
ciphertext ⓘ nonce (transmitted or agreed externally) ⓘ |
| providesProperty |
authenticity
ⓘ
confidentiality ⓘ integrity ⓘ |
| relatedAlgorithm | ChaCha20-Poly1305 ⓘ |
| resists | chosen-ciphertext attacks (under standard assumptions) ⓘ |
| securityReliesOn |
Poly1305 unforgeability
ⓘ
XSalsa20 key stream secrecy ⓘ |
| standardizationStatus | commonly used but not an IETF AEAD standard ⓘ |
| suitableFor |
file encryption
ⓘ
network protocols ⓘ secure messaging ⓘ |
| supports | large message sizes ⓘ |
| supportsFeature | associated data authentication ⓘ |
| tagSize | 128-bit ⓘ |
| typicalLibrary |
NaCl
GENERATED
ⓘ
libsodium GENERATED ⓘ |
| usesCipher | XSalsa20 ⓘ |
| usesMAC | Poly1305 ⓘ |
| usesPrimitive |
one-time MAC
ⓘ
stream cipher ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.