[Cryptography] recommending ChaCha20 instead of RC4 (RC4 again)

Zooko O'Whielacronx zookog at gmail.com
Sat Mar 8 23:23:06 EST 2014


If you like RC4, you might like ChaCha20.

https://en.wikipedia.org/wiki/Salsa20#ChaCha_variant

Like RC4, it is a stream cipher, but unlike RC4 it is widely liked by
modern cryptographers. That's a generalization, of course, but:

* ChaCha20 is a variant of Salsa20, which was one of the winners of
the eSTREAM competition: http://www.ecrypt.eu.org/stream/index.html

* There is work to implement it in TLS (to replace RC4):
https://www.imperialviolet.org/2013/10/07/chacha20.html

* It's now included in OpenSSH:
http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html

* It is the core of my favorite secure hash function, BLAKE2!
https://blake2.net/ (Disclosure: I'm one of the authors of BLAKE2, but
not of the original "BLAKE" from which BLAKE2 is derived.)

Oh yes, and ChaCha is much more efficient than RC4.
http://www.cryptopp.com/benchmarks.html says that modified alleged RC4
("MARC4") takes about 14 cycles per byte and that Salsa20 takes about
4 cycles per byte. http://bench.cr.yp.to/results-stream.html says that
ChaCha20 is usually around 15% more efficient than Salsa20 on modern
Intel CPUs.

Regards,

Zooko


More information about the cryptography mailing list