HChaCha20

Purpose

HChaCha20 is a pseudorandom function (PRF) based on ChaCha20 and HSalsa20. It takes a 512-bit input and produces a 256-bit output. This makes it suitable for fast key derivation from high-entropy input keying material, as done for XChaCha20.

You probably want BLAKE2b instead because it is much more flexible. Argon2id MUST be used for password-based key derivation.

Usage

DeriveKey

Fills a span with output keying material derived from high-entropy input keying material, a nonce, and an optional personalization constant for domain separation.

HChaCha20.DeriveKey(Span<byte> outputKeyingMaterial, ReadOnlySpan<byte> inputKeyingMaterial, ReadOnlySpan<byte> nonce, ReadOnlySpan<byte> personalization = default)

Exceptions

ArgumentOutOfRangeException

outputKeyingMaterial has a length not equal to OutputSize.

ArgumentOutOfRangeException

inputKeyingMaterial has a length not equal to KeySize.

ArgumentOutOfRangeException

nonce has a length not equal to NonceSize.

ArgumentOutOfRangeException

personalization has a length greater than 0 but not equal to PersonalSize.

Constants

These are used for validation and/or save you defining your own constants.

public const int OutputSize = 32;
public const int KeySize = 32;
public const int NonceSize = 16;
public const int PersonalSize = 16;

Notes

HChaCha20 is NOT a general-purpose hash function. Use BLAKE2b.

The input keying material MUST be a uniformly random key, NOT a password, public key, or X25519 shared secret.

Last updated