Last Updated: 2023-08-20


AES: Advanced Encryption Standard.

  • successor of Data Encryption Standard (DES)
  • symmetric-key algorithm
  • can be accelerated by hardware (like graphics can be accelerated by GPU), supported by instruction set extensions in Intel Core i3/i5/i7, AMD Ryzen CPUs, ARMv8.


  • AE: Authenticated Encryption.
  • AEAD: Authenticated Encryption with Associated Data.

AEAD: authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy.


  • AEAD: encrypts data and ensures the authenticity.
  • MAC: does not encrypt, but ensures that data is authentic.


  • MAC: message authentication code. (A.k.a a tag)
  • HMAC: hash-based message authentication code, using a cryptographic hash function like SHA-3, which results in a name like HMAC-SHA3-256.

Purpose: confirm (1) the message came from the stated sender (2) the message has not been changed.

Cryptographic hash function

Or Message Digest

  • transform a sequence of bits into a fixed sequence of bits.
  • a one-way, non-invertible function

Input and output:

  • input data: message(any string)
  • output: message digest(the hash value).

Methods: (SHA = Secure Hash Algorithm)

  • SHA-1 (1995): 160-bit (20-byte). Deprecated. All major browsers stopped accepting SHA-1 SSL certificates by 2017.
  • SHA-2 (2001): a family of six hash functions, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 (numbers are num of bits).
  • SHA-3 (2015): SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256
  • MD5: 128bit, used as a checksum to verify data integrity, but only against unintentional corruption.


  • SHA-224 and SHA-256 share the same specification, but use different initial hash values, and the final hash value is truncated to 224 bits for SHA-224.
  • similar to SHA-512, SHA-384, SHA-512/224 and SHA-512/256, except that the final hash value is truncated to 224 bits for SHA-512/224, 256 bits for SHA- 512/256 or 384 bits for SHA-384.
  • SHA-256 is faster on 32-bit hardware

Asymmetric cryptography

Asymmetric cryptography uses key pairs: a public key, and a private key.

2 use cases:

  • Sign: Private key signs (produces a hash value of the message) => public key verify signatures.
  • Encrypt: Public key encrypts => private key decrypts.

A private key of a key pair may be used either to:

  • Decrypt a message only intended for the recipient, which may be encrypted by anyone having the public key (asymmetric encrypted transport).
  • Encrypt a message which may be decrypted by anyone, but which can only be encrypted by one person; this provides a digital signature.

The public key is mathematically related to the private key, but given sufficient key length, it is computationally impractical to derive the private key from the public key.

The public key is comprised of a string of random numbers and can be used to encrypt a message. Only the intended recipient can decipher and read this encrypted message and it can only be deciphered and read by using the associated private key, which is also made of a long string of random numbers.

This private key is secret and is known only to the recipient. As the public key is published for all the world to see.


Most Android devices have hardware support for AES via ARMv8 Cryptography Extensions. However for low-end devices, this is not supported, AES is slow.

Adiantum is Google's solution, which uses uses a fast hash (NH + Poly1305) and a fast stream cipher (XChaCha12).