Implements ChaCha20-Poly1305 authenticated encryption as an EVM precompile. Provides the same encrypt/decrypt interface as AES-GCM (LP-116) but uses the ChaCha20 stream cipher with Poly1305 MAC. Preferred on platforms without AES hardware acceleration (ARM without NEON-AES) and used by age encryption, WireGuard, and TLS 1.3 fallback cipher suites.
0x0000000000000000000000000000000000009211 -- Crypto Ops range.
Operation selector is the first byte of input.
0x01 Encrypt: key(32) + nonce(12) + aad_len(2) + aad + plaintext -> ciphertext + tag(16)
0x02 Decrypt: key(32) + nonce(12) + aad_len(2) + aad + ciphertext+tag -> plaintext
Identical layout to AES-GCM (LP-116). The 16-byte Poly1305 tag is appended/verified automatically.
Slightly cheaper than AES-GCM due to the simpler cipher construction (no block cipher key schedule).
1. ChaCha20-Poly1305 is IND-CCA2 secure per RFC 8439.
2. Same nonce-reuse catastrophe as AES-GCM -- never reuse a (key, nonce) pair.
3. ChaCha20 is a stream cipher; constant-time by construction (no table lookups vulnerable to cache-timing attacks).
4. Poly1305 MAC is information-theoretically secure for a single message per key.
github.com/luxfi/precompile/chacha20/Copyright (C) 2024-2026, Lux Partners Limited. All rights reserved.
Licensed under the MIT License.