The ChaCha family of stream ciphers

• [chacha] 6pp. (PDF) D. J. Bernstein. ChaCha, a variant of Salsa20. Document ID: 4027b5256e17b9796842e6d0f68b0b5e. URL: https://cr.yp.to/papers.html#chacha. Date: 2008.01.28. Supersedes: (PDF) 2008.01.20.

The Salsa20 directory in version 2008.01.20 of the eSTREAM benchmarking suite includes several implementations of ChaCha8 (and ChaCha12 and ChaCha20):

• ref, a reference implementation: chacha.c, Makefile, ecrypt-sync.h.
• regs: chacha.c, Makefile, ecrypt-sync.h. Similar to ref but uses separate temporary variables instead of a temporary array.
• merged: chacha.c, Makefile, ecrypt-sync.h. Similar to regs but inlines the ChaCha core.
• x86-1, specific to the Pentium, Athlon, and other x86 chips: chacha.q, chacha.s, Makefile, ecrypt-sync.h.
• x86-mmx, specific to the Pentium Pro and other CPUs with MMX registers: chacha.q, chacha.s, Makefile, ecrypt-sync.h. Uses some MMX registers as substitutes for stack positions.
• x86-xmm, specific to the Pentium 4 and other CPUs with SSE2 instructions: chacha.q, chacha.s, Makefile, ecrypt-sync.h.
• x86-xmm2, specific to the Pentium 4 and other CPUs with SSE2 instructions: chacha.q, chacha.s, Makefile, ecrypt-sync.h. Selects different SSE2 instructions.
• x86-xmm5, specific to the Pentium 4 and other CPUs with SSE2 instructions: chacha.q, chacha.s, Makefile, ecrypt-sync.h. Handles four blocks in parallel. Based on analogous Salsa20 code by Wei Dai.
• amd64-3, specific to the Athlon 64, Core 2 Duo, and other AMD64 chips: chacha.q, chacha.s, Makefile, ecrypt-sync.h.
• amd64-xmm6, specific to the Athlon 64, Core 2 Duo, and other AMD64 chips: chacha.q, chacha.s, Makefile, ecrypt-sync.h. Translation of x86-xmm5, with some additional instruction scheduling.
• ppc-altivec, specific to the PowerPC G4 and other CPUs with AltiVec instructions: chacha.c, Makefile, ecrypt-sync.h. Based on analogous Salsa20 code by Matthijs van Duin.
• sparc, specific to the UltraSPARC and other 64-bit SPARC chips: chacha.q, chacha.s, Makefile, ecrypt-sync.h.