AES Is Great … But We Need A Fall-back: Meet ChaCha and Poly1305

I have created a demonstrator here for ChaCha20 and Poly1305.

Which encryption method just needs an EX-OR to encrypt? Well, that will be a stream encryption method, and where to EX-OR each bit of our plain text stream with our cipher key stream.

AES has become the gold standard for encryption, and will hopefully remain robust in a world of quantum computers. But what if someone finds a vulnerability in it? And surely it is rather complex for simple IoT devices to implement?

Well, for TLS 1.3, Google has been searching for a replacement for RC4 — and which has been shown to have flaws — and have settled on ChaCha20 for symmetric key encryption and Poly1305 for a message authentication code (MAC). Both were originally created by Daniel J. Bernstein, and focus on not relying on AES as a core method:

Google has been pushing for improved cryptography methods, and can move the market because of its predominance with Chrome.

ChaCha20 takes a 256-bit key and a 32-bit nonce and then creates a key stream, which is then XORed with the plaintext stream. In software, it is three…