On Tuesday, July 25, 2023 at 9:20:27 AM UTC-4 6a7...@gmail.com wrote:
Could someone please clarify if the XChaCha key derivation function in Crypto++ is consistent with the functionality outlined in “XChaCha: eXtended-nonce ChaCha and AEAD_XChaCha20_Poly1305 draft-irtf-cfrg-xchacha-03”? Implementing just the HChaCha_OperateKeystream function using the test vectors outlined in the document produces results consistent with the document. However, executing HChaCha_OperateKeystream using the ChaCha values from the initial XChaCha20 setup does not produce an XChaCha key consistent with the final result. Could someone please clarify the input to HChaCha_OperateKeystream in the Crypto++ implementation as using the ChaCha key and block counter with 64-bit nonce as the 128-bit input does not produce the same values as the XChaCha20 key? Thank you. The documentation is available at https://www.cryptopp.com/docs/ref/struct_x_cha_cha20.html. There are some wiki pages at https://www.cryptopp.com/w/index.php?search=ChaCha . I also seem to recall Crypto++ had a bug in the ChaCha gear when running on AVX2. See ChaCha and incorrect result when using AVX2, https://github.com/weidai11/cryptopp/issues/1069 . Jeff -- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/cryptopp-users/e4b7e827-bf23-4de2-b585-45ff289e385en%40googlegroups.com.
