CHACHA20 to replace the bulky AES-GCM??

[victoroldschool]

Hey, it mentioned to contact you if anyone is aware of encryption cyphers that are supported in the various languages you listed - "ChaCha20-Poly1305" looks like it will fit the bill. It's arguably even better than security wise than GCM, and runs waaaay faster than GCM even on the devices that have hardware AES-NI support.

• I think Apple calls it something slightly different "chachapoly". I see a Swift cipher package on github called "Cryptoswift" that includes the chacha20 cipher.

• Kotlin has several implementations if I'm looking correctly... Jetbrains, Romain-P.

• I also see both a GO & Rust implementation as well.

This would definitely make a BIG difference as ChaCha20 runs absolutely beautifully even on super low powered or low performing hardware. Many folks will see a drastic speed increase with an equal or lower CPU usage, especially on slower/older hardware.

Cheers!

[spieglt]

The desktop Flying Carpet versions used to use libsodium's xchacha20poly1305 secretstream API. I swapped it for AES-GCM when I wrote the mobile versions, mostly because it's the AEAD that Apple offered directly through CryptoKit. I don't see that CryptoSwift has been audited, so I'm not going to swap it for Apple's officially supported option. I haven't released a version in a while so my memory is fuzzy, but I think Apple applies additional scrutiny in the review process if you use third-party cryptography.

As for performance, I've tested it with encryption disabled, and seen very minimal differences in speed. I think the WiFi cards are likely to be the bottleneck even for low-powered devices. Thanks for the recommendation but I probably won't change this unless and until Apple releases their own xchacha20poly1305 implementation or a serious problem is found with AES-GCM.