ChaCha20 and Poly1305 for IETF Protocols

The information below is for an old version of the document
Document Type Expired Internet-Draft (cfrg RG)
Authors Yoav Nir  , Adam Langley 
Last updated 2017-08-03 (latest revision 2017-01-30)
Stream Internet Research Task Force (IRTF)
Expired & archived
plain text xml pdf htmlized bibtex
IETF conflict review conflict-review-nir-cfrg-rfc7539bis
Stream IRTF state In IRSG Poll
Consensus Boilerplate Yes
Document shepherd No shepherd assigned
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


This document defines the ChaCha20 stream cipher as well as the use of the Poly1305 authenticator, both as stand-alone algorithms and as a "combined mode", or Authenticated Encryption with Associated Data (AEAD) algorithm. RFC 7539, the predecessor of this document, was meant to serve as a stable reference and an implementation guide. It was a product of the Crypto Forum Research Group (CFRG). This document merges the errata filed against RFC 7539 and adds a little text to the Security Considerations section.


Yoav Nir (
Adam Langley (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)