|
|
|
|
|
|
by api
1789 days ago
|
|
|
SIV is usually done with AES/GMAC constructions but you could do it with ChaChaPoly just fine. The big downside is that it requires two passes on encrypt: one to create the MAC and derive the IV and another to encrypt. The overhead for this is small for message/packet based systems though since after pass one the data will be sitting hot in the processor's L0 cache. Decryption can be done in one pass. |
|
|