ChaCha: Development and modification of Salsa20 in modern cryptographic systems
Oleksii Palii, Oleksandr Dudnyk

The study reviews the ChaCha20 stream cypher as the successor to the Salsa20 algorithm, emphasising its development, technical features, and application in modern cryptosystems. The relevance of the research follows from the widespread adoption of ChaCha20 in security protocols (TLS 1.3, VPN, etc.), owing to its high performance in software implementations and its resistance to cryptanalysis. The study aimed to trace the evolution of ChaCha from Salsa20, compare it with other cyphers, and summarise recent results on modifications and performance. It draws on a review of the literature and on published experimental data on the speed and cryptanalytic resistance of the cyphers. The main results include a history of ChaCha’s creation from Salsa20 and of the changes that improve diffusion per round; a detailed description of the algorithm’s structure (4×4 state matrix, addition-rotation-XOR operations); and an assessment of its cryptographic strength (no practical attacks on the full 20-round version). The advantages of ChaCha20 over the Advanced Encryption Standard (AES) in a software environment are demonstrated; in particular, on platforms without AES hardware acceleration, ChaCha20 runs up to 3 times faster at an equivalent level of security. The implementation of ChaCha20-Poly1305 in TLS and WireGuard is considered, as is the use of XChaCha for extended nonces and of the Adiantum algorithm for disk encryption on mobile devices. Modern modifications of ChaCha (e.g., increasing the number of rounds) and their impact on performance and security are analysed. The practical value of the review lies in its summary of current experience with ChaCha20, which can inform the selection of cryptographic algorithms for resource-constrained systems and further research on stream cyphers.