Notes

ChaCha20-Poly1305 AEAD is an encryption and authentication algorithm that transmits data over a network.

It is often used in conjunction with the Transport Layer Security (TLS) protocol to provide secure communication between two parties.

In the context of TLS, ChaCha20-Poly1305 is typically used as an "Authenticated Encryption with Associated Data" (AEAD) cipher. This means that it provides both encryption and authentication for the data being transmitted. When used in this way, the ChaCha20-Poly1305 algorithm takes three inputs: a key, a nonce, and the plaintext message to be encrypted. It then uses these inputs to generate a ciphertext message that is both encrypted and authenticated.

To use ChaCha20-Poly1305 with TLS, the client and server must first agree on which cipher to use during the initial handshake phase of the TLS protocol. Once this has been negotiated, the client and server can use ChaCha20-Poly1305 to encrypt and authenticate the data that is transmitted over the secure TLS connection. The exact details of how this is done will depend on the specific implementation of TLS being used.

• Can nonce be non random
• what about using a nonce as the IV

HW

1.

• MAC and Encrypt
  • Bad MACing plaintext. MAC leaking will reveal plaintext
  • Bad Encrypting plaintext.
  • Lots to work to verify integrity of data. Need to decrypt c to get m then MAC m to get t’, check t’ = t
• MAC then Encrypt.
  • Great since user can receive c and create the MAC(m) and encrypt themselves to see if the value they generated is c.
  • However, could be suseptible to padding attacks. You Encrypt second meaning you have to pad the plaintext first before appending MAC then encrypting.
• Encrypt then MAC:
  • can reject forgeries without needing to decrypt. Use c and MAC it to check if it matches t
  • MAC algo leaking (due to side channel) will only reveal ciphertext.
  • Wont be suseptible to padding attacks since you apply MAC second.

2.