Google Is Pushing New Cipher Suites - All About ChaCha20 and Poly1305

After the Snowden revelations, tech companies have been scrambling to find newer and stronger encryption schemes, both to restore confidence in encryption around the world and to safeguard your data from intrusion by advanced threats like governments. Many companies have moved to 2048-bit asymmetric keys and 256-bit symmetric ciphers to strengthen current protocols against brute-force attacks run on enormous distributed networks like botnets or on world-class supercomputers.

There has also been a large outcry for stronger protocols with fewer theoretical attacks against them. The most commonly used ciphers (RC4 and AES-CBC) have had practical attacks executed in the wild that demonstrated vulnerability.

Newer options such as AES in Galois/Counter Mode, the Skein hash, and Keccak are in the works, but they are heavy and require a lot of computing power to handle large amounts of data. That makes them a poor fit for devices with traditionally weaker or low-power processors, like smartphones and tablets.

In walks Dan Bernstein with ChaCha20 and Poly1305.

ChaCha20 is a new stream cipher that is functionally similar to the older Salsa20 cipher. Poly1305 handles message authentication; it is less CPU intensive and uses less bandwidth than SHA1/2/3 or Skein, while still allowing for perfect message integrity assurance as long as the cipher it is checking is known to be secure. Together, they offer a substantial performance advantage for devices that may be limited by their processors. ChaCha20+Poly1305 can be as much as 300% faster than AES-256-GCM with SHA-1 authentication.

Advantages of ChaCha20 and Poly1305:

Speed - It is very fast.

Security - No known theoretical or practical vulnerabilities.

Simplicity - Less than 100 lines of code to implement. It is extremely easy to audit and to check the code for tampering.

Source - Dan Bernstein works for the University of Illinois and does not have ties to clandestine agencies.

Drawbacks to ChaCha20 and Poly1305:

It's New - There were no theoretical or practical attacks for AES or RC4 when they were first released either.

It relies on the same old asymmetric encryption - The weakest point for encryption currently is the asymmetric handshake that begins the session. If the key for the symmetric encryption is lost when it is handed off, the rest of the session is insecure regardless of the method of encryption. We know from information released by the Washington Post, The Guardian, and Jacob Appelbaum that governments are using supercomputers to try to break asymmetric encryption keys (like RSA and DH), and evidence points to them having some success at doing so. Elliptic curve suites still rely on curves that were provided by the NSA and may have inherent vulnerabilities. This means that while this is a large improvement for speed and security on the cipher side, we are still leaving the keys in the car.

ChaCha20 and Poly1305 are being rapidly adopted:

Google's security team has already added the suites to OpenSSL. The Mozilla team is working on adding them to Firefox. Google has also stated that it is adding support to Chrome and Android, and the functionality is already working in beta versions of both.

I would like to see OpenVPN support in the near future because of the potential advantages for smartphones, tablets, and consumer level routers.

Sources / More Information below:

http://cr.yp.to/chacha/chacha-20080128.pdf

http://cr.yp.to/mac.html

http://bxr.su/OpenBSD/usr.bin/ssh/cipher-chachapoly.c

https://bugzilla.mozilla.org/show_bug.cgi?id=917571

https://tools.ietf.org/html/draft-mavrogiannopoulos-chacha-tls-02





