AES (Advanced Encryption Standard):
- successor of the Data Encryption Standard (DES)
- symmetric-key algorithm
- can be accelerated by hardware (as graphics can be accelerated by a GPU): supported by instruction set extensions in Intel Core i3/i5/i7 and AMD Ryzen CPUs, and in ARMv8.
- AE: Authenticated Encryption
- AEAD: Authenticated Encryption with Associated Data
Associated data in AEAD: the scheme guarantees the authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy; only the plaintext is encrypted.
AEAD vs MAC:
- AEAD: encrypts data and ensures the authenticity
- MAC: does not encrypt, but ensures that data is authentic
- MAC: message authentication code (a.k.a. a tag).
- HMAC: hash-based message authentication code, using a cryptographic hash function like SHA-3, which results in a name like HMAC-SHA3-256.
Purpose: confirm (1) the message came from the stated sender (2) the message has not been changed.
Hash function, or Message Digest:
- transforms a sequence of bits into a fixed-length sequence of bits
- a one-way, non-invertible function
Input and output:
- input: the message (any string)
- output: the message digest (the hash value)
Methods (SHA = Secure Hash Algorithm):
- SHA-1 (1995): 160-bit (20-byte) digest. Deprecated; all major browsers stopped accepting SHA-1 SSL certificates by 2017.
- SHA-2 (2001): a family of six hash functions: SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256 (the numbers are the digest length in bits).
  - SHA-224 and SHA-256 share the same specification but use different initial hash values, and the final hash value is truncated to 224 bits for SHA-224.
  - SHA-512/224, SHA-512/256 and SHA-384 are similar to SHA-512, except that they use different initial hash values and the final hash value is truncated to 224 bits for SHA-512/224, 256 bits for SHA-512/256 or 384 bits for SHA-384.
  - SHA-256 is faster than SHA-512 on 32-bit hardware.
- SHA-3 (2015):
- MD5: 128-bit digest, used as a checksum to verify data integrity, but only against unintentional corruption, not deliberate tampering.
Most Android devices have hardware support for AES via the ARMv8 Cryptography Extensions. Low-end devices, however, lack this support, and AES is slow on them.
Adiantum is Google's solution: it uses a fast hash (NH + Poly1305) and a fast stream cipher (XChaCha12).