A pure Haskell implementation of the ChaCha20 stream cipher as specified by RFC8439.
A sample GHCi session:
> :set -XOverloadedStrings
>
> -- import qualified
> import qualified Crypto.Cipher.ChaCha20 as ChaCha20
>
> -- encrypt some plaintext using a secret key and nonce
> let key = "don't tell anyone my secret key!"
> let non = "or my nonce!"
> let Right ciphertext = ChaCha20.cipher key 1 non "but you can share the plaintext"
> ciphertext
"\192*c\248A\204\211n\130y8\197\146k\245\178Y\197=\180_\223\138\146:^\206\&0\v[\201"
>
> -- use the cipher with the same key, counter, and nonce to decrypt the ciphertext
> ChaCha20.cipher key 1 non ciphertext
Right "but you can share the plaintext"
Haddocks (API documentation, etc.) are hosted at docs.ppad.tech/chacha.
The aim is best-in-class performance for pure, highly-auditable Haskell code.
Current benchmark figures on the simple "sunscreen input" from RFC8439
on an M4 Silicon MacBook Air look like (use cabal bench to run the
benchmark suite):
benchmarking ppad-chacha/cipher
time 468.3 ns (467.9 ns .. 468.8 ns)
1.000 R² (1.000 R² .. 1.000 R²)
mean 468.4 ns (468.0 ns .. 469.2 ns)
std dev 2.041 ns (1.317 ns .. 3.539 ns)
You should compile with the 'llvm' flag for maximum performance.
This library aims at the maximum security achievable in a garbage-collected language under an optimizing compiler such as GHC, in which strict constant-timeness can be challenging to achieve.
The ChaCha20 cipher within passes all test vectors from RFC8439, and the downstream AEAD-ChaCha20-Poly1305 implementation in ppad-aead passes all the Project Wycheproof vectors.
If you discover any vulnerabilities, please disclose them via security@ppad.tech.
You'll require Nix with flake support enabled. Enter a development shell with:
$ nix develop
Then do e.g.:
$ cabal repl ppad-chacha
to get a REPL for the main library.