HChaCha20 to derive subkey from main key and first 128 bits of nonce
E919336
HChaCha20 is a variant of the ChaCha20 core function used as a key-derivation mechanism to produce a subkey from an existing key and part of a nonce, enabling extended-nonce constructions like XChaCha20.
All labels observed (1)
| Label | Occurrences |
|---|---|
| HChaCha20 to derive subkey from main key and first 128 bits of nonce canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T11327250 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: HChaCha20 to derive subkey from main key and first 128 bits of nonce Context triple: [XChaCha20-Poly1305 AEAD construction, usesKeyDerivation, HChaCha20 to derive subkey from main key and first 128 bits of nonce]
-
A.
ChaCha20
ChaCha20 is a modern stream cipher designed by Daniel J. Bernstein, widely used for its high performance and strong security in protocols like TLS.
-
B.
XChaCha20-Poly1305 AEAD construction
XChaCha20-Poly1305 AEAD construction is an authenticated encryption scheme that extends ChaCha20-Poly1305 with a longer nonce for improved security and robustness against nonce reuse.
-
C.
Salsa20
Salsa20 is a high-speed stream cipher designed by Daniel J. Bernstein, widely used in modern cryptography for its strong security and efficient software performance.
-
D.
SipHash24
SipHash24 is a fast, cryptographically secure keyed hash function designed to protect hash tables from collision attacks while remaining efficient for short inputs.
-
E.
Poly1305
Poly1305 is a high-speed message authentication code (MAC) algorithm commonly used with stream ciphers like ChaCha20 to provide data integrity and authenticity.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: HChaCha20 to derive subkey from main key and first 128 bits of nonce Target entity description: HChaCha20 is a variant of the ChaCha20 core function used as a key-derivation mechanism to produce a subkey from an existing key and part of a nonce, enabling extended-nonce constructions like XChaCha20.
-
A.
ChaCha20
ChaCha20 is a modern stream cipher designed by Daniel J. Bernstein, widely used for its high performance and strong security in protocols like TLS.
-
B.
XChaCha20-Poly1305 AEAD construction
XChaCha20-Poly1305 AEAD construction is an authenticated encryption scheme that extends ChaCha20-Poly1305 with a longer nonce for improved security and robustness against nonce reuse.
-
C.
Salsa20
Salsa20 is a high-speed stream cipher designed by Daniel J. Bernstein, widely used in modern cryptography for its strong security and efficient software performance.
-
D.
SipHash24
SipHash24 is a fast, cryptographically secure keyed hash function designed to protect hash tables from collision attacks while remaining efficient for short inputs.
-
E.
Poly1305
Poly1305 is a high-speed message authentication code (MAC) algorithm commonly used with stream ciphers like ChaCha20 to provide data integrity and authenticity.
- F. None of above. chosen
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
key derivation function
ⓘ
variant of ChaCha20 core function ⓘ |
| avoids | key reuse across different nonces ⓘ |
| basedOn | ChaCha20 core function NERFINISHED ⓘ |
| blockStructure | 16-word state matrix ⓘ |
| category | symmetric cryptography primitive ⓘ |
| constantWords | "expand 32-byte k" constants ⓘ |
| constructionType | ARX (add-rotate-xor) function ⓘ |
| definedIn | XChaCha20 specification ⓘ |
| designedFor | 128-bit nonce prefix handling ⓘ |
| deterministic | yes ⓘ |
| domainSeparation | uses nonce prefix as diversification input ⓘ |
| enables | 192-bit nonce XChaCha20 construction ⓘ |
| implementation | constant-time software implementations recommended ⓘ |
| implementedIn |
BoringSSL
NERFINISHED
ⓘ
Go crypto/x/crypto packages ⓘ libsodium NERFINISHED ⓘ |
| inputComponents |
4 constant words
ⓘ
4 nonce words ⓘ 8 key words ⓘ |
| inputKeySize | 256-bit key ⓘ |
| inputNonceSize | 128-bit nonce prefix ⓘ |
| introducedFor | safe large-nonce randomization ⓘ |
| invertible | no ⓘ |
| nonceUsage | first 128 bits of a 192-bit XChaCha20 nonce ⓘ |
| operatesOn | 4x4 matrix of 32-bit words ⓘ |
| outputComponents | 8 state words ⓘ |
| outputDistribution | pseudorandom under key secrecy ⓘ |
| outputKeySize | 256-bit subkey ⓘ |
| outputSelection | first 4 state words and last 4 state words ⓘ |
| proposedBy |
Adam Langley
NERFINISHED
ⓘ
Google researchers ⓘ |
| relatedTo |
ChaCha20
NERFINISHED
ⓘ
Poly1305 NERFINISHED ⓘ XChaCha20 NERFINISHED ⓘ |
| roundCount | 20 rounds ⓘ |
| roundStructure | 10 column and diagonal double-rounds ⓘ |
| securityAssumption | security of ChaCha20 core function ⓘ |
| securityGoal | pseudorandom subkey derivation ⓘ |
| standardizedIn | draft-irtf-cfrg-xchacha ⓘ |
| status | widely used in modern cryptographic libraries ⓘ |
| subkeyUsage | used as key for subsequent ChaCha20 encryption ⓘ |
| usedFor |
deriving a subkey from a main key and nonce
ⓘ
extended-nonce stream cipher constructions ⓘ |
| usedIn | XChaCha20 NERFINISHED ⓘ |
| usedWith |
ChaCha20 stream cipher
NERFINISHED
ⓘ
XChaCha20-Poly1305 AEAD NERFINISHED ⓘ |
| uses | ChaCha quarter-round function ⓘ |
| wordSize | 32-bit ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: HChaCha20 to derive subkey from main key and first 128 bits of nonce Description of subject: HChaCha20 is a variant of the ChaCha20 core function used as a key-derivation mechanism to produce a subkey from an existing key and part of a nonce, enabling extended-nonce constructions like XChaCha20.
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.