Skip to content


Folders and files

Last commit message
Last commit date

Latest commit



9 Commits

Repository files navigation

XChaCha20 - Extended Nonce Version of ChaCha20

XChaCha20 is a stream cipher based on ChaCha20. XChaCha20 uses a 256-bit key and a 192-bit nonce. According to an IETF draft:, "The eXtended-nonce ChaCha cipher construction (XChaCha) allows for ChaCha-based ciphersuites to accept a 192-bit nonce with similar guarantees to the original construction, except with a much lower probability of nonce misuse occurring. This enables XChaCha constructions to be stateless, while retaining the same security assumptions as ChaCha." Also, XChaCha20 does not use any look up tables and is immune to timing attacks. This library is based on Daniel J. Bernstein's reference implementation of the ChaCha stream cipher.

I decided to make this small C library for XChaCha20 because I could not find one. Unlike some other libraries, it only allows using XChaCha20 with a 256-bit key and a 192-bit nonce. No other key sizes or nonce sizes are allowed. A large benefit of using XChaCha20 over the regular ChaCha20 is that the larger nonce (192 bits v.s. 64 bits) allows the use of random nonces and is more resistant to nonce misuse.

More Information

IETF XChaCha20 Draft

Bernstein's ChaCha Web page

Libsodium Documentation

Crypto++ Documentation



I am not a cryptographer so use this library at your own risk.

Getting Started

Import the library into your project

    #include "xchacha20.h"

Create a XChaCha context

    XChaCha_ctx ctx;

Set up the 256-bit encryption key and the 192-bit nonce to be used.

    xchacha_keysetup(&ctx, key, nonce);

Optionally, set the counter to a different starting value other than zero.

    xchacha_set_counter(&ctx, 0x1);

Then use xchacha_encrypt_bytes or xchacha_encrypt_blocks to encrypt data

    xchacha_encrypt_bytes(&ctx, plaintext, ciphertext, sizeof(plaintext));

Test Vectors

In the src folder is a program named test.c It calculates and compares XChaCha20 test vectors obtained from two different sources. The test vectors were borrowed from the IETF draft regarding XChaCha20 and an example from Crypto++ wikipedia. It will compare the output of this XChaCha20 library with known good test vectors to ensure this library is working correctly.

To make the test program simply run make


Then run the test program


The program will produce the following output if successful:

Cryptographic tests passed

If this library failed to generate the correct ciphertexts, then something is wrong with the library and you will see this output:

Cryptographic tests failed!

To Do

  • Add a program to calculate and compare test vectors
  • Find and add more test vectors for XChaCha20


Pull requests, new feature suggestions, and bug reports/issues are welcome.


This project uses semantic versioning 2.0. Version numbers follow the MAJOR.MINOR.PATCH format.


This project is licensed under the 3-Clause BSD License also known as the "New BSD License" or the "Modified BSD License". A copy of the license can be found in the LICENSE file. A copy can also be found at the Open Source Institute


A small C library for the XChaCha20 stream cipher








No packages published