Redesign the subkeys derivation and nonce enxtension schemes

The current key derivation and nonce extension scheme are expensive: 2 `BLAKE3.derive_key`.

Following `ChaCha20-Poly1305` ([RFC 8439](https://datatracker.ietf.org/doc/html/rfc8439)) and `XChaCha20` ([IETF draft](https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-xchacha)) we could generate the subkeys and chachaNonce in a single `ChaCha12` call.

Something like:
```
key: 32 byte, nonce: 32 bytes

subKeys [64]byte := ChaCha12(key, nonce[0:8], 0, nonce[8:24] || 0x0 * 48)
encryptionKey := subKeys[0:32]
encryptionNonce := nonce[24:32]
authenticationKey := subKeys[32:64]
```

or

`KDF_CONSTANT = "ChaCha12-BLAKE3 KDF"`

```
key: 32 bytes, nonce: 24 bytes

subKeys [64]byte := ChaCha12(key, Uint64FromLE(nonce[8:16]), nonce[16:24], KDF_CONSTANT || 0x0 * 45)
encryptionKey := subKeys[0:32]
encryptionNonce := nonce[0:8]
authenticationKey := subKeys[32:64]
```

but more elegant.

Ideas are welcome.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Redesign the subkeys derivation and nonce enxtension schemes #5

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Redesign the subkeys derivation and nonce enxtension schemes #5

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions