Boring crypto that simply works

HChaCha20 special-purpose hashing

#include <monocypher.h>

crypto_hchacha20(uint8_t out[32], const uint8_t key[32], const uint8_t in[16]);

() provides a not-so-cryptographic hash. It may be used for some specific purposes such as X25519 key derivation or XChaCha20 initialisation. If in doubt, do not use directly. Use crypto_blake2b() instead.

The arguments are:

A sufficiently random key, such as the output of crypto_x25519().
The space reserved for the ChaCha20 nonce and counter. It does not have to be random.
A cryptographically secure random number there is enough entropy in key. X25519 shared secrets have enough entropy.

This function returns nothing.

The following example assumes the existence of arc4random_buf(), which fills the given buffer with cryptographically secure random bytes. If arc4random_buf() does not exist on your system, see intro() for advice about how to generate cryptographically secure random bytes.

Simple hash:

uint8_t key[32]; /* Must have enough entropy           */
uint8_t in [16]; /* Does not have to be random         */
uint8_t out[32]; /* Will be random iff the above holds */
arc4random_buf(key, 32);
crypto_hchacha20(out, key, in);
/* Wipe secrets if they are no longer needed */
crypto_wipe(key, 32);
crypto_wipe(in , 16);


This function implements HChaCha20. HChaCha20 derives from ChaCha20 the same way HSalsa20 derives from Salsa20.

The crypto_hchacha20() function first appeared in Monocypher 0.1 as crypto_chacha20_H(). It was renamed to crypto_hchacha20() in Monocypher 3.0.0.


February 13, 2022 Debian