Drop chacha20poly1305 dependency #498

New issue

Closed

opened 2025-12-28 17:37:36 +00:00 by sami · 1 comment

sami commented

2025-12-28 17:37:36 +00:00

Owner

Originally created by @roman-khimov on GitHub (Mar 11, 2025).

I'm always frustrated when we have dependencies we don't really need. chacha20poly1305 was introduced in #80 along with ed25519 crypto. Then the key scheme was changed to 256r1 since that's what we have in Neo, NeoFS, etc. But chacha20poly1305 remained.

Describe the solution you'd like

There is nothing inherently wrong with it, but at the same time it's an additional dependency that can be easily avoided. We've got https://pkg.go.dev/crypto/cipher@go1.24.1#AEAD that works fine over standard AES (and handles random nonce internally as well).

Describe alternatives you've considered

Keep things as is, import and maintain x/crypto dependency that also pulls x/net that always has some bugs @dependabot wants to fix.

Context

#1080, the other thing we're using from x/crypto is hkdf, but it's a part of the standard Go 1.24.

Originally created by @roman-khimov on GitHub (Mar 11, 2025). ## Is your feature request related to a problem? Please describe. I'm always frustrated when we have dependencies we don't really need. chacha20poly1305 was introduced in #80 along with ed25519 crypto. Then the key scheme was changed to 256r1 since that's what we have in Neo, NeoFS, etc. But chacha20poly1305 remained. ## Describe the solution you'd like There is nothing inherently wrong with it, but at the same time it's an additional dependency that can be easily avoided. We've got https://pkg.go.dev/crypto/cipher@go1.24.1#AEAD that works fine over standard AES (and handles random nonce internally as well). ## Describe alternatives you've considered Keep things as is, import and maintain x/crypto dependency that also pulls x/net that always has some bugs @dependabot wants to fix. ## Context #1080, the other thing we're using from x/crypto is hkdf, but it's a part of the standard Go 1.24.