Using Chacha20 with a NULL nonce

Question

I am new to ChaCha20. From the RFC --

The inputs to ChaCha20 are:

o A 256-bit key, treated as a concatenation of eight 32-bit little- endian integers.

o A 96-bit nonce, treated as a concatenation of three 32-bit little- endian integers.

o A 32-bit block count parameter, treated as a 32-bit little-endian integer.

Now the counter is not provided as an input option. They implement the counter underneath the hood. For the sake of this question, let's assume the counter is implemented properly.

Now if I use a NULL nonce, the counter is still used. Will it be ok?

Is the max number of messages that can be encrypted this way before the key must be changed 2^32? or is it the max number of bytes?

You can see a better solution here [How to generate a nonce for ChaCha20 Poly1305?](https://crypto.stackexchange.com/q/77982/18298) — kelalaka, Mar 31 '20 at 17:29

score 0 · Answer 1 · answered Mar 31 '20 at 16:11

0

A nonce doesn't have to be secret or unpredictable; it just can't be reused. It's perfectly fine to use an all-zero nonce one time with a given key. You just have to make sure you never reuse it, just as with any other nonce value you'd use. To be clear, this means a maximum of one message.

answered Mar 31 '20 at 16:11

Joseph Sible-Reinstate Monica

7,110
3
21
35

@SFlow Block level – Joseph Sible-Reinstate Monica Mar 31 '20 at 16:21

Using Chacha20 with a NULL nonce

1 Answers1