Paper 2018/1127

Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks

P. Arun Babu and Jithin Jose Thomas


This paper introduces Freestyle, a randomized, and variable round version of the ChaCha cipher. Freestyle demonstrates the concept of hash based halting condition, where a decryption attempt with an incorrect key is likely to take longer time to halt. This makes it resistant to key-guessing attacks i.e. brute-force and dictionary based attacks. Freestyle uses a novel approach for ciphertext randomization by using random number of rounds for each block of message, where the exact number of rounds are unknown to the receiver in advance. Due to its inherent random behavior, Freestyle provides the possibility of generating up to $2^{256}$ different ciphertexts for a given key, nonce, and message; thus resisting key and nonce reuse attacks. This also makes cryptanalysis through known-plaintext, chosen-plaintext, and chosen-ciphertext attacks difficult in practice. Freestyle is highly customizable, which makes it suitable for both low-powered devices as well as security-critical applications. It is ideal for: (i) applications that favor ciphertext randomization and resistance to key-guessing and key reuse attacks; and (ii) situations where ciphertext is in full control of an adversary for carrying out an offline key-guessing attack.

Available format(s)
Secret-key cryptography
Publication info
Brute-force resistant ciphersDictionary based attacksKey-guessing penaltyProbabilistic encryptionFreestyleChaCha
Contact author(s)
arun hbni @ gmail com
2018-11-29: received
Short URL
Creative Commons Attribution


      author = {P.  Arun Babu and Jithin Jose Thomas},
      title = {Freestyle, a randomized version of ChaCha for resisting offline brute-force and dictionary attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2018/1127},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.