Hi, On Wed, 15 Jan 2014 22:01:13 +0100 [email protected] (Niels Möller) wrote:
> In the chacha paper I've read, it seems that "chacha" is the name of > the family, and "chacha20" always refers to the 20-round variant. So a > reduced round chacha would be named "chacha12", not "chacha20_r12". > Right? Yes. > Should we follow that naming? If so, the 20-round crypt function > should be "chacha20_crypt" (not "chacha_crypt"), and if we introduce > a crypt function with a variable number of rounds, that could be named > "chacha_crypt". > > It might be a bit confusing if we have > > chacha20_crypt (20 rounds) > chacha12_crypt (12 rounds) > chacha128_set_key (128 key bits) > chacha256_set_key (256 key bits) What about: chacha20_crypt (20 rounds) chacha12_crypt (12 rounds) chacha_set_key128 (128 key bits) chacha_set_key256 (256 key bits) salsa20_set_key128 (128 key bits) salsa20_set_key256 (256 key bits) > Opinions? Imho moving Salsa20/R functions to the ChachaR naming would work too :) And don't forget XSalsa20/r (using HSalsa20/r and an additional 128-bit nonce, defined only for 256-bit keys afaik, but theoretically should work with 128-bit keys too)... xsalsa20r12_set_key256? :D (The number of rounds does actually matter in this case) regards, Stefan _______________________________________________ nettle-bugs mailing list [email protected] http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
