Hi,
On Wed, 15 Jan 2014 22:01:13 +0100 nisse@lysator.liu.se (Niels Möller) wrote:
In the chacha paper I've read, it seems that "chacha" is the name of the family, and "chacha20" always refers to the 20-round variant. So a reduced round chacha would be named "chacha12", not "chacha20_r12". Right?
Yes.
Should we follow that naming? If so, the 20-round crypt function should be "chacha20_crypt" (not "chacha_crypt"), and if we introduce a crypt function with a variable number of rounds, that could be named "chacha_crypt".
It might be a bit confusing if we have
    chacha20_crypt (20 rounds)
    chacha12_crypt (12 rounds)
    chacha128_set_key (128 key bits)
    chacha256_set_key (256 key bits)
What about:
    chacha20_crypt (20 rounds)
    chacha12_crypt (12 rounds)
    chacha_set_key128 (128 key bits)
    chacha_set_key256 (256 key bits)
    salsa20_set_key128 (128 key bits)
    salsa20_set_key256 (256 key bits)
Opinions?
Imho moving Salsa20/R functions to the ChachaR naming would work too :)
And don't forget XSalsa20/r (using HSalsa20/r and an additional 128-bit nonce, defined only for 256-bit keys afaik, but theoretically should work with 128-bit keys too)... xsalsa20r12_set_key256? :D (The number of rounds does actually matter in this case)
regards, Stefan