libsodium.KeyStream
Protected Class KeyStream
A key stream is a cryptographic primitive, not a complete tool. For general-purpose encryption of data streams, use the SecretStream class.
This class provides a key stream: a pseudorandom stream of bytes generated from a key and a nonce. The key stream, viewed as a function of the nonce for a uniform random key, is designed to meet the standard notion of unpredictability ("PRF"). For a formal definition see, e.g., Section 2.3 of Bellare, Kilian, and Rogaway, "The security of the cipher block chaining message authentication code," Journal of Computer and System Sciences 61 (2000), 362–399; http://www-cse.ucsd.edu/~mihir/papers/cbc.html.
This means that an attacker cannot distinguish this function from a uniform random function. Consequently, if a series of messages is encrypted by the Process method with a different nonce for each message, the ciphertexts are indistinguishable from uniform random strings of the same length.
Note that the length is not hidden. Note also that it is the caller's responsibility to ensure the uniqueness of nonces—for example, by using nonce 1 for the first message, nonce 2 for the second message, etc. Nonces generated by the RandomNonce shared method are long enough that they have negligible risk of collision.
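An added example (not part of the original page or the project's own code) showing the counter-nonce discipline described above and what a repeated nonce gives away. It assumes a stand-in keystream built from HMAC-SHA256 rather than XSalsa20; `keystream`, `process` and `CountingStream` are hypothetical names, not this class's API.

```python
import hashlib
import hmac
import secrets

NONCE_BYTES = 24  # XSalsa20's nonce length, used here only as the counter width

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in PRF keystream (HMAC-SHA256 over nonce || block index), NOT XSalsa20."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(8, "little"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def process(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return xor(data, keystream(key, nonce, len(data)))

class CountingStream:
    """Hypothetical wrapper: issues nonce 1, 2, 3, ... so none repeats under one key."""

    def __init__(self, key: bytes):
        self._key, self._counter = key, 0

    def seal(self, message: bytes):
        self._counter += 1  # advance before use, so a nonce is never handed out twice
        nonce = self._counter.to_bytes(NONCE_BYTES, "little")  # OverflowError at 2**192
        return nonce, process(self._key, nonce, message)

def demo() -> dict:
    key = secrets.token_bytes(32)
    p1, p2 = b"pay 100 to account A", b"pay 900 to account B"  # constructed samples
    stream = CountingStream(key)
    (n1, c1), (n2, c2) = stream.seal(p1), stream.seal(p2)
    fixed = (1).to_bytes(NONCE_BYTES, "little")
    r1, r2 = process(key, fixed, p1), process(key, fixed, p2)  # same nonce twice
    return {
        "roundtrip": process(key, n1, c1) == p1 and process(key, n2, c2) == p2,
        "length_visible": (len(c1), len(c2)) == (len(p1), len(p2)),
        "leak_with_unique_nonces": xor(c1, c2) == xor(p1, p2),
        "leak_with_reused_nonce": xor(r1, r2) == xor(p1, p2),
    }
```

With a repeated nonce the key stream cancels out, so the XOR of the two ciphertexts equals the XOR of the two plaintexts; with the counter nonces it does not.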
libsodium does not make any promises regarding the resistance of the derived keys to "related-key attacks." It is the caller's responsibility to use proper key-derivation functions; all of this class's public Constructor methods derive proper keys.
The XSalsa20 cipher is used by default. To use a different cipher (Salsa20, ChaCha20, or XChaCha20) specify the desired StreamType to the Constructor.
Portions of this page were copied verbatim from the libsodium documentation.
Text and code examples are Copyright ©2016-24 Andrew Lambert, offered under the CC BY-SA 3.0 License.