decipherhub
diff --git a/‎content/Basic Cryptography/Basic Cryptography.md‎
Lines changed: 1 addition & 0 deletions b/‎content/Basic Cryptography/Basic Cryptography.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎content/Basic Cryptography/ChaCha20.md‎
Lines changed: 155 additions & 0 deletions b/‎content/Basic Cryptography/ChaCha20.md‎
Lines changed: 155 additions & 0 deletions
diff --git a/‎content/Basic Cryptography/Feistel cipher.md‎
Lines changed: 106 additions & 0 deletions b/‎content/Basic Cryptography/Feistel cipher.md‎
Lines changed: 106 additions & 0 deletions
diff --git a/‎content/Basic Cryptography/images/Feistel_cipher(1).png‎
49.1 KB b/‎content/Basic Cryptography/images/Feistel_cipher(1).png‎
49.1 KB
diff --git a/‎content/Basic Cryptography/images/Feistel_cipher(2).png‎
133 KB b/‎content/Basic Cryptography/images/Feistel_cipher(2).png‎
133 KB
@@ -21,4 +21,5 @@
 - [[Merkle Tree]]
 - [[Digital Signature]]
 - [[Schnorr Signature]]
+- [[ChaCha20]]
 - [[General LWE]]
@@ -0,0 +1,155 @@
+## Intro
+ChaCha20 is a stream cipher developed by Daniel J. Bernstein. It is an improved version of Salsa20, which he previously designed, offering enhanced security and performance. ChaCha20 is widely used as a symmetric key cipher that balances speed and security, making it suitable for various protocols and applications, including TLS, SSH, VPN, and DNS encryption.
+
+Unlike block ciphers such as [[AES]], ChaCha20 is a stream cipher that performs nonlinear transformations at the bit level. This characteristic allows it to operate efficiently in software without requiring hardware acceleration.
+
+> [!Question] What is a Stream Cipher?
+> A stream cipher is a symmetric key encryption method that encrypts data in a continuous stream of bits or bytes. It generates a keystream of the same length as the plaintext and encrypts data by performing an XOR operation with the plaintext. This approach enables fast and efficient encryption, making stream ciphers well-suited for real-time communication and wireless security, where low latency and high speed are essential. However, if the keystream is repeated, security vulnerabilities can arise, making the use of a unique nonce critical.
+>
+> For more details, refer to [[Stream cipher]].
+
+
+
+## Characteristics of ChaCha20
+ChaCha20 has the following characteristics:
+1. **Stream Cipher**  
+    Unlike block ciphers, which encrypt data in fixed-size blocks, ChaCha20 generates a key stream and encrypts plaintext by performing an XOR operation with it.
+    
+2. **High Speed and Simple Operations**  
+    ChaCha20 utilizes Add, Rotate, and XOR (ARX) operations, making its computations simple and allowing it to operate with high efficiency.
+    
+3. **Enhanced Security with Nonce-Based Encryption**  
+    Even when using the same encryption key, different nonces produce distinct key streams, enhancing security and preventing key stream reuse attacks.
+
+
+
+## Design
+The basic structure of ChaCha20 is as follows:
+
+- **State size**: 512 bits, consisting of 16 32-bit words
+- **Key size**: 256 bits
+- **Nonce size**: 96 bits
+- **Counter**: 32 bits
+
+### Initial State Setup
+ChaCha20 represents its 512-bit state as a **4×4 matrix of 16 32-bit words**. The state consists of:
+
+- Four **32-bit constants**
+- A **256-bit key** (eight 32-bit words)
+- A **32-bit counter**
+- A **96-bit nonce** (three 32-bit words)
+
+During initialization, the state is set up using predefined constants and the given key, counter, and nonce.
+
+### Quarter Round Function
+The Quarter Round (QR) function is used to perform ARX (Add-Rotate-XOR) operations. This function is applied repeatedly over 20 rounds—hence the name ChaCha'20', which signifies the 20-round transformation process.
+The 20 rounds are divided into Column Rounds and Diagonal Rounds.
+1. **Column Rounds**
+	During Column Rounds, each column in the 4×4 matrix undergoes the Quarter Round transformation.
+	Given the 4×4 matrix representation of the ChaCha20 state:
+	``` 
+	0 1 2 3
+	4 5 6 7
+	8 9 10 11
+	12 13 14 15
+	```
+	The Quarter Round is applied to the following **column-wise** groups:
+
+	- **(0, 4, 8, 12)**
+	- **(1, 5, 9, 13)**
+	- **(2, 6, 10, 14)**
+	- **(3, 7, 11, 15)**
+2. **Diagonal Rounds**
+	Diagonal Rounds apply the Quarter Round transformation to elements grouped diagonally in the 4×4 state matrix.
+
+	Using the same matrix structure:
+	``` 
+	0 1 2 3
+	4 5 6 7
+	8 9 10 11
+	12 13 14 15
+	```
+	The Quarter Round is applied to the following **diagonal-wise** groups:
+
+	- **(0, 5, 10, 15)**
+	- **(1, 6, 11, 12)**
+	- **(2, 7, 8, 13)**
+	- **(3, 4, 9, 14)**
+
+In total, 20 rounds of Quarter Round transformations are performed, alternating between Column Rounds and Diagonal Rounds, ten times each, to generate the final key stream.
+
+The ARX operation follows a sequence of modular addition, bitwise XOR, and bitwise rotation:
+
+```
+a += b; d ^= a; d <<<= 16;
+c += d; b ^= c; b <<<= 12;
+a += b; d ^= a; d <<<= 8;
+c += d; b ^= c; b <<<= 7;
+```
+Each Quarter Round operates on four words from the state matrix. For example, in the first column-wise combination (0, 4, 8, 12):
+
+- **0 → `a`**
+- **4 → `b`**
+- **8 → `c`**
+- **12 → `d`**
+#### Operation Breakdown
+- `+=` represents **32-bit modular addition** (`mod 2³²`).
+- `⊕=` represents **bitwise XOR**.
+- `<<<=` denotes **left rotation** by the specified number of bits.
+Through these transformations, each Quarter Round substantially changes the state, ensuring strong diffusion and security.
+
+
+
+## ChaCha20 vs. AES
+For more details on AES, refer to [[AES]].
+
+Both AES and ChaCha20 are cryptographic algorithms that offer **high security**, but each has its unique advantages.
+### Performance Considerations
+AES benefits from hardware acceleration, such as AES-NI (AES New Instructions) in modern processors, making it significantly faster in environments where such optimizations are available. However, in software-only implementations, ChaCha20 generally outperforms AES in terms of speed and efficiency, especially on processors lacking dedicated cryptographic hardware.
+
+### Security and Side-Channel Resistance
+AES is known to be secure when properly implemented, and it has been validated for encrypting classified documents by the U.S. government. However, some implementations of AES are vulnerable to side-channel attacks, such as cache-timing attacks and power analysis. While these attacks require sophisticated conditions to be successful, they pose a potential risk if AES is not carefully implemented.
+
+ChaCha20, in contrast, is designed to be naturally resistant to side-channel attacks, making it a preferred choice in environments where side-channel resistance is critical. Like AES, ChaCha20 is considered to be cryptographically secure and widely trusted.
+
+
+## ChaCha20-Poly1305
+ChaCha20-Poly1305 is an AEAD (Authenticated Encryption with Associated Data) scheme that combines the ChaCha20 cipher with the Poly1305 message authentication code (MAC). This encryption method provides confidentiality, integrity, and authentication simultaneously and is widely used across various protocols.
+
+ChaCha20-Poly1305 is known to perform faster than AES-GCM in software-based environments, making it a preferred choice in systems without hardware acceleration.
+> [!Question] Why is ChaCha20-Poly1305 needed?
+> Encryption alone, as in ChaCha20, does not detect message tampering. To address this, a separate Message Authentication Code (MAC) is required.  
+> However, if authentication is performed separately after encryption, an attacker may attempt to bypass the MAC verification or manipulate ciphertext integrity.  
+> AEAD (Authenticated Encryption with Associated Data) prevents such attacks by integrating authentication with encryption. ChaCha20-Poly1305 is one of the most well-known AEAD encryption schemes.
+
+### Poly1305
+Poly1305 is an algorithm designed by Daniel J. Bernstein in 2005, the same cryptographer who developed ChaCha20.
+
+It serves as a Message Authentication Code (MAC) that verifies the integrity of a message by generating a cryptographic tag.  
+Poly1305 uses a 128-bit one-time key to prevent message forgery while providing a fast and efficient authentication mechanism.
+
+
+
+## XChaCha20
+
+XChaCha20 is an extended version of ChaCha20, a stream cipher that increases the nonce size from 96 bits to 192 bits. While the fundamental encryption mechanism remains identical to that of ChaCha20, the use of a longer nonce enhances security. This design prevents nonce reuse attacks and provides a safer environment for randomly generated nonces.
+
+In the ChaCha20 encryption algorithm, avoiding nonce reuse is a crucial security requirement. However, in practical applications, a 96-bit nonce carries a risk of collision, leading to the following potential issues:
+3. Risk of collisions when using random nonces  
+	Although the probability of a collision when generating a 96-bit nonce randomly is extremely low, it is not entirely negligible. If a nonce is reused in ChaCha20, it can potentially lead to the direct leakage of the encryption key.
+4. Difficulties in using long-term keys  
+	When the same encryption key is used for an extended period, the risk of nonce duplication increases. Ensuring security when encrypting large volumes of data requires strict nonce management.
+
+To address these concerns, XChaCha20 employs a 192-bit nonce, effectively eliminating the risk of collisions.
+
+
+
+## Use cases
+### TLS (Transport Layer Security)
+* Google Chrome
+
+### VPN (Virtual Private Network)
+* WireGuard VPN
+
+### Disk & Storage Encryption
+* Google Adiantum
@@ -0,0 +1,106 @@
+## Intro
+The Feistel Cipher is a cryptographic structure that divides the input into left and right blocks, repeatedly applying a round function to one block and combining its output with the other block.
+Typically, all elements of an encryption process must be invertible, as decryption requires reversing the encryption steps to recover the plaintext. However, the Feistel Cipher uniquely employs both invertible and non-invertible components.
+
+The primary reason the Feistel Cipher can utilize non-invertible elements lies in its design, which is based on the XOR operation.
+> [!Question] The Invertibility of XOR
+> Due to the "self-inverse" property of XOR, performing the same XOR operation during the decryption phase restores the original data.
+> * Self-inverse property: A⊕B⊕B=A
+
+As a result, the Feistel Cipher allows for more flexible designs compared to Non-Feistel Ciphers. Additionally, the use of non-invertible components simplifies management by making the encryption and decryption processes identical.
+
+A well-known example of a Feistel Cipher is [[DES]] (Data Encryption Standard). In contrast, a prominent example of a Non-Feistel Cipher is [[AES]] (Advanced Encryption Standard).
+
+
+## Design
+### 1-Round Feistel Structure
+![[Feistel_cipher(1).png]]
+
+The left side represents the encryption process, while the right side shows the decryption process.
+
+#### Encryption Process
+
+In the encryption process, the plaintext input $p = (L_0 \parallel R_0)$ is divided into $L_0$ and $R_0$. A function $F$ takes the key $k$ and $R_0$ as its input. Then, $L_0$ is XORed with the output of $F(k, R_0)$, producing the left half of the ciphertext $L_1$. Meanwhile, $R_0$ remains unchanged and becomes the right half of the ciphertext $R_1$.
+
+The encryption process can be represented mathematically as follows:
+$$
+L_1 = L_0 \oplus F(k, R_0)
+$$
+$$
+R_1 = R_0
+$$
+
+#### Decryption Process
+
+In the decryption process, the input ciphertext $c = (L'_0|R'_0) = (L_1|R_1)$ is divided into $L'_0$ and $R'_0$.
+$L'_0$ is XORed with $F(k, R'_0)$, resulting in the left half of the plaintext $L'_1$. Similarly, $R'_0$ remains unchanged and becomes the right half of the plaintext $R'_1$.
+
+The decryption process can be represented mathematically as follows:
+$$
+L'_1 = L'_0 \oplus F(k, R'_0)
+$$$$
+R'_1 = R'_0
+$$
+
+#### Observations
+
+As you may have noticed, the encryption and decryption processes are identical except for their inputs and outputs being reversed.
+
+Encryption:
+$$c = p \oplus (F(k, R_0) \parallel 0)$$
+Decryption: 
+$$c \oplus (F(k, R'_0) \parallel 0) \\ = p \oplus (F(k, R_0) \parallel 0) \oplus (F(k, R'_0) \parallel 0) \\ = p \oplus (F(k, R_0) \parallel 0) \oplus (F(k, R'_0) \parallel 0) \\ = p \oplus 0 = p$$
+As mentioned in the [[#Intro]], the self-inverse property of the XOR operation ensures that $F(k, R'_0)$ is canceled out during decryption. This means the decryption process works correctly even without requiring the inverse function $F^{-1}$, allowing the use of non-invertible components in the Feistel Cipher.
+
+#### Limitations of a 1-Round Feistel Structure
+
+Analyzing the 1-round Feistel Cipher reveals a critical drawback: the right half of the plaintext, $R_0$, directly becomes the right half of the ciphertext, $R_1$, without undergoing any transformation. This exposes half of the plaintext in the ciphertext, significantly compromising security.
+
+To address this issue, Feistel Cipher structures are designed with multiple rounds. In a multi-round Feistel Cipher, the left and right halves are swapped at the end of each round, effectively ensuring that all parts of the plaintext are processed. However, this design requires more rounds compared to Non-Feistel Ciphers to achieve the same level of security.
+
+### Multi-Round Feistel Structure
+![[Feistel_cipher(2).png]]
+The diagram above illustrates a Feistel structure with multiple rounds, as opposed to a single round.
+
+#### Encryption Process
+
+Unlike the single-round Feistel structure, in a multi-round Feistel Cipher, the right half of the plaintext ($R_0$) does not directly become the right half of the ciphertext ($R_1$). Instead, it becomes the left half of the output ($L_1$). Additionally, the XOR computation that previously resulted in $L_1$ in the single-round structure now determines $R_1$. In other words, the outputs of the left and right halves are swapped after each round.
+In the second round, $L_1$ undergoes further encryption, ensuring that both $L_0$ and $R_0$ are processed through the encryption rounds.
+
+The encryption process can be expressed as follows:
+$$L_1 = R_0$$
+$$
+R_1 = L_0 \oplus F(k_1, R_0)
+$$
+$$
+L_2 = L_1 \oplus F(k_2, R_1)
+$$
+$$
+R_2 = R_1
+$$
+
+#### Decryption Process
+
+The decryption process mirrors the encryption process, with the only difference being the reverse order of the keys used during the computation.
+$$
+L'_1 = R'_0 = R_2 = R_1
+$$
+$$
+R'_1 = L'_0 \oplus F(k_2, R'_0) = L_2 \oplus F(k_2, R_1)
+$$
+$$
+= L_1 \oplus F(k_2, R_1) \oplus F(k_2, R_1) = L_1 = R_0
+$$
+$$
+L'_2 = L'_1 \oplus F(k_1, R'_1) = R_1 \oplus F(k_1, R_0)
+$$
+$$
+= L_0 \oplus F(k_1, R_0) \oplus F(k_1, R_0) = L_0
+$$
+$$
+R'_2 = R'_1 = R_0
+$$
+
+> [!Note] 
+> A Feistel Cipher with two rounds provides the same level of security as a single round of a Non-Feistel Cipher. Therefore, Feistel Ciphers generally require a greater number of rounds to achieve comparable security.
+