# #StackBounty: #stream-cipher #authenticated-encryption #chacha #salsa20 #poly1305 Append data to authenticated ciphertext encrypted usi…

### Bounty: 50

Say we have xSalsa20 authenticated using Poly1305. If $$X$$ is the ciphertext, $$N$$ is the nonce value, and $$H$$ is the authentication tag such that the final ciphertext is $$N || X || H$$, then given the key $$K$$, is it possible to extend $$X$$ with more data, without decrypting it, updating $$N$$ and $$Y$$ as needed? (I’m not sure if $$N$$ would need to be changed.)

Salsa20 is a stream cipher so it produces a CSPR key-stream, $$S$$, and then then ciphertext becomes $$X = S oplus P$$, where $$P$$ is the plaintext. So I intuitively feel as though this should be a lot easier to do than with a block cipher. Perhaps by generating the same key-stream up until the size of the ciphertext and encrypting the new data with the part of the key-stream past that point. If the authentication tag is generated from the ciphertext then decryption wouldn’t be necessary for that either. Also the nonce would not really be reused in a scheme like this as far as I can see.

How well would this translate to other stream ciphers like XChaCha20-Poly1305?

Get this bounty!!!

This site uses Akismet to reduce spam. Learn how your comment data is processed.