ChaCha20
/ˈtʃɑː-tʃɑː-twɛn-ti/
n. “Fast. Portable. Secure — even when the hardware isn’t helping.”
ChaCha20 is a modern stream cipher designed to encrypt data quickly and securely across a wide range of systems, especially those without specialized cryptographic hardware. Created by Daniel J. Bernstein as a refinement of the earlier ChaCha family, ChaCha20 exists to solve a practical problem that older ciphers struggled with: how to deliver strong encryption that remains fast, predictable, and resistant to side-channel attacks on ordinary CPUs.
Unlike block ciphers such as AES, which encrypt fixed-size chunks of data, ChaCha20 generates a continuous pseudorandom keystream that is XORed with plaintext. This makes it a stream cipher — conceptually simple, mechanically elegant, and well suited for environments where data arrives incrementally rather than in neat blocks.
The “20” in ChaCha20 refers to the number of rounds applied during its internal mixing process. These rounds repeatedly scramble a 512-bit internal state using only additions, XORs, and bit rotations. No lookup tables. No S-boxes. No instructions that leak timing information. This arithmetic-only design is deliberate, making ChaCha20 highly resistant to timing attacks that have historically plagued some AES implementations on older or embedded hardware.
ChaCha20 is rarely used alone. In practice, it is almost always paired with Poly1305 to form an AEAD construction known as ChaCha20-Poly1305. This pairing provides both confidentiality and integrity in a single, tightly coupled design. Encryption hides the data; authentication proves it hasn’t been altered. One without the other is half a lock.
This combination is now widely standardized and deployed. Modern TLS implementations support ChaCha20-Poly1305 as a first-class cipher suite, particularly for mobile devices where hardware acceleration for AES may be absent or unreliable. When your phone loads a secure website smoothly on a weak CPU, ChaCha20 is often doing the heavy lifting.
ChaCha20 also plays a central role in WireGuard, where it forms the backbone of the protocol’s encryption layer. Its speed, simplicity, and ease of correct implementation align perfectly with WireGuard’s philosophy: fewer knobs, fewer mistakes, fewer surprises.
From a developer’s perspective, ChaCha20 is refreshingly hard to misuse. It avoids the fragile modes and padding schemes associated with block ciphers, and its reference implementations are compact enough to audit without losing one’s sanity. That simplicity translates directly into fewer bugs and fewer catastrophic mistakes.
ChaCha20 does not replace AES outright. On systems with dedicated AES instructions, AES can still be faster. But where hardware support is absent, inconsistent, or suspect, ChaCha20 often wins — not by being clever, but by being dependable.
It does not claim to be unbreakable forever. No serious cryptography does. Instead, ChaCha20 earns trust through conservative design, open analysis, and years of public scrutiny. It performs exactly the job it claims to perform, and little else.
ChaCha20 is encryption without theatrics. Arithmetic over spectacle. Reliability over bravado. A cipher built for the real world, where hardware varies, attackers are patient, and correctness matters more than tradition.