#01
What Is ChaCha20?
ChaCha20 is a high-performance stream cipher designed by Daniel J. Bernstein. It is widely adopted as an alternative to AES, especially on mobile devices and embedded systems that lack AES-NI hardware acceleration, where the software implementation of ChaCha20 is significantly faster than AES.
ChaCha20 uses a 256-bit key and a 96-bit Nonce (number used once). It generates a keystream that is XORed with the plaintext to produce ciphertext of the same length, so no padding is required. It has been standardized in RFC 7539 and RFC 8439.
In practice, ChaCha20 is often combined with the Poly1305 message authentication code to form ChaCha20-Poly1305 AEAD (Authenticated Encryption with Associated Data), providing both confidentiality and integrity protection.
#02
Algorithm Variants & Core Features
The ChaCha20 family includes the following main variants, all supported by this tool:
- ChaCha20: Basic version using a 12-byte (96-bit) Nonce, suitable for scenarios where counters can be safely managed.
- XChaCha20: Extended version using a 24-byte (192-bit) Nonce, allowing random Nonce generation without worrying about collisions—recommended.
- ChaCha20-Poly1305: AEAD mode with a 16-byte Poly1305 authentication tag, supporting optional AAD (Additional Authenticated Data).
- XChaCha20-Poly1305: Long Nonce plus AEAD, the most secure combination, intended for high-security requirements.
The most important rule when using ChaCha20: never reuse the same (Key, Nonce) pair. Reuse encrypts both messages with the same keystream, which leaks information about their plaintexts. With this tool, you can use the "Random" button to generate secure keys and Nonces with a single click.
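Why the (Key, Nonce) rule matters, shown as an added example that is not this tool's own code: a minimal ChaCha20 following the RFC 8439 state layout, used to compare ciphertexts produced with a reused Nonce against ciphertexts produced with a fresh one. The function names, the sample key and the sample messages are constructed for illustration.

```javascript
// Demo only: minimal ChaCha20 block function and XOR (RFC 8439 layout).
const rotl = (v, n) => ((v << n) | (v >>> (32 - n))) >>> 0;
function quarterRound(s, a, b, c, d) {
  s[a] += s[b]; s[d] = rotl(s[d] ^ s[a], 16);
  s[c] += s[d]; s[b] = rotl(s[b] ^ s[c], 12);
  s[a] += s[b]; s[d] = rotl(s[d] ^ s[a], 8);
  s[c] += s[d]; s[b] = rotl(s[b] ^ s[c], 7);
}
function chacha20Block(key, counter, nonce) { // one 64-byte keystream block
  const init = new Uint32Array(16);
  init.set([0x61707865, 0x3320646e, 0x79622d32, 0x6b206574]); // "expand 32-byte k"
  const kv = new DataView(key.buffer, key.byteOffset, 32);
  const nv = new DataView(nonce.buffer, nonce.byteOffset, 12);
  for (let i = 0; i < 8; i++) init[4 + i] = kv.getUint32(4 * i, true);
  init[12] = counter;
  for (let i = 0; i < 3; i++) init[13 + i] = nv.getUint32(4 * i, true);
  const s = init.slice();
  for (let r = 0; r < 10; r++) { // 10 double rounds = 20 rounds
    quarterRound(s, 0, 4, 8, 12); quarterRound(s, 1, 5, 9, 13);
    quarterRound(s, 2, 6, 10, 14); quarterRound(s, 3, 7, 11, 15);
    quarterRound(s, 0, 5, 10, 15); quarterRound(s, 1, 6, 11, 12);
    quarterRound(s, 2, 7, 8, 13); quarterRound(s, 3, 4, 9, 14);
  }
  const out = new Uint8Array(64), ov = new DataView(out.buffer);
  for (let i = 0; i < 16; i++) ov.setUint32(4 * i, (s[i] + init[i]) >>> 0, true);
  return out;
}
function chacha20Xor(key, nonce, data, counter = 1) { // encrypt == decrypt
  const out = new Uint8Array(data.length);
  for (let off = 0; off < data.length; off += 64) {
    const ks = chacha20Block(key, counter++, nonce);
    for (let i = 0; i < 64 && off + i < data.length; i++) out[off + i] = data[off + i] ^ ks[i];
  }
  return out;
}

const xor = (a, b) => a.map((v, i) => v ^ b[i]);
function nonceReuseDemo() {
  const key = Uint8Array.from({ length: 32 }, (_, i) => i); // constructed sample key
  const [p1, p2] = ["invoice 0001 paid", "invoice 0002 void"].map((m) => new TextEncoder().encode(m));
  const n0 = new Uint8Array(12), n1 = Uint8Array.of(1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
  const c1 = chacha20Xor(key, n0, p1), c2 = chacha20Xor(key, n0, p2); // (Key, Nonce) reused
  const c3 = chacha20Xor(key, n1, p2); // same key, fresh nonce
  const hex = (u8) => Array.from(u8, (b) => b.toString(16).padStart(2, "0")).join("");
  return { plainXor: hex(xor(p1, p2)), reusedXor: hex(xor(c1, c2)), freshXor: hex(xor(c1, c3)) };
}

console.log(nonceReuseDemo());
```

With the reused Nonce, `reusedXor` equals `plainXor`: the keystream cancels and the ciphertexts alone reveal where and how the two messages differ. With the fresh Nonce, `freshXor` bears no such relation.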
#03
Data Security & Privacy
This tool is designed around the core principle of "100% frontend-only operation." All ChaCha20 encryption and decryption operations, key and Nonce generation, and Hex/Base64 encoding conversions are performed locally in your browser. No input data is sent to any server, and no keys or plaintext are stored anywhere.
For highly sensitive encryption tasks (such as encrypting personal keys or internal confidential data), we recommend using this tool in an offline environment, or first ensuring that your browser has no malicious extensions. Keys should ideally be generated using the built-in random function, which avoids weak password-style keys.