# ChaCha20 Stream Cipher

ChaCha20 is a modern, secure stream cipher designed by Daniel J. Bernstein (2008) as an improvement over Salsa20. It is fast in software and robust against known cryptanalytic attacks. ChaCha20 is often paired with Poly1305 to form the AEAD scheme ChaCha20-Poly1305.

---

## What It Is

- **Modern & Secure:**  
  ChaCha20 is currently considered strong with no practical attacks known as of 2025.

- **Speed & Efficiency:**  
  Very fast on CPUs, even those without dedicated AES hardware acceleration, and resistant to timing attacks (unlike RC4).

- **AEAD Variant:**  
  When combined with Poly1305, it offers both confidentiality and message authentication (integrity), used in ChaCha20-Poly1305.

- **Common Uses:**  
  TLS 1.3, WireGuard VPN, Signal messenger, and OpenSSH (via the chacha20-poly1305@openssh.com cipher).

---

## How It Works

1. **Initialization:**
   - **Key:** 256-bit secret key (32 bytes).
   - **Nonce:** 96-bit value (12 bytes) that must be unique per encryption.
   - **Counter:** 32-bit integer, usually starting at 1.

2. **State Setup:**
   - A 16-word (512-bit) state matrix is constructed from:
     - Four constant words.
     - Eight words from the 256-bit key.
     - One word for the counter.
     - Three words from the 96-bit nonce.

3. **Rounds:**
   - The ChaCha20 algorithm applies 20 rounds of its quarter-round function (each round consisting of several quarter-rounds) to mix the state thoroughly.

4. **Keystream Generation:**
   - The final state is added to the original state.
   - The resulting state is serialized into a 64-byte keystream block.

5. **Encryption/Decryption:**
   - **Encryption:**  
     Plaintext is XORed with the keystream to produce ciphertext.
   - **Decryption:**  
     XORing the ciphertext with the same keystream recovers the plaintext.

---

## Communication Flow

```text
Alice                              Bob                                          Eve
-----                              ---                                          ---
Plaintext P
   |-- Encrypt with ChaCha20 (using key K, nonce N, counter) --> Ciphertext C
   |                                                   
   |<-- Decrypt with same K, N, counter -- Plaintext P
```

- **Eve’s Perspective:**  
  Eve can observe the ciphertext and the nonce, but without the secret key K, she cannot recover the plaintext.

---

## Parameters

- **Key:** 256 bits (32 bytes).
- **Nonce:** 96 bits (12 bytes); must be unique for every encryption operation.
- **Counter:** 32-bit integer, typically starts at 1.
- **Keystream Block Size:** 64 bytes produced per block (each block is generated by one complete application of the 20 rounds).

---

## Security Considerations

- **Robust Security:**  
  No known practical attacks, making ChaCha20 a secure alternative in many applications.

- **Efficiency & Performance:**  
  Optimized for software, especially on platforms without AES hardware acceleration.

- **Nonce Reuse Warning:**  
  Never reuse the same (key, nonce) pair, as doing so will leak keystream data and compromise security.

- **Timing Attack Resistance:**  
  Designed to be constant-time, reducing side-channel attack vectors compared to older ciphers like RC4.

---

## Where It’s Used

- **TLS 1.3:**  
  As an alternative to AES-GCM, particularly effective on devices lacking dedicated AES instructions.
- **VPNs:**  
  Utilized in WireGuard for secure and efficient communication.
- **Secure Messaging:**  
  Utilized in apps like Signal for message encryption.
- **SSH:**  
  Employed in modern OpenSSH implementations (chacha20-poly1305@openssh.com).

---

For secure implementations, always use well-vetted cryptographic libraries rather than creating your own implementation.

In [4]:
from Crypto.Cipher import ChaCha20
from Crypto.Random import get_random_bytes

# --- Key & Nonce ---
key = get_random_bytes(32)   # 256-bit key
nonce = get_random_bytes(8)  # ChaCha20 uses 64-bit nonce

# --- Encrypt ---
cipher_enc = ChaCha20.new(key=key, nonce=nonce)
plaintext = b"ChaCha20 is a modern stream cipher"
ciphertext = cipher_enc.encrypt(plaintext)

print("Ciphertext (hex):", ciphertext.hex())

# --- Decrypt ---
cipher_dec = ChaCha20.new(key=key, nonce=nonce)
recovered = cipher_dec.decrypt(ciphertext)

print("Recovered:", recovered)


Ciphertext (hex): 2a68eaf4ba3a14d8357da029b4b3187b94405116b5a927ca0158c5480902c96bde5d
Recovered: b'ChaCha20 is a modern stream cipher'
