# Encryption

Updated: 2021-02-21

## AES

AES: Advanced Encryption Standard.

- successor of Data Encryption Standard (DES)
- symmetric-key algorithm
- can be accelerated by hardware (like graphics can be accelerated by GPU), supported by instruction set extensions in Intel Core i3/i5/i7, AMD Ryzen CPUs, ARMv8.

## AEAD

- **AE**: Authenticated Encryption
- **AEAD**: Authenticated Encryption with Associated Data

AEAD: ensures the authenticity (who the sender is) and integrity (the data has not been tampered with) of the associated data, but not its secrecy.

AEAD vs MAC:

- **AEAD**: encrypts data and ensures its authenticity
- **MAC**: does not encrypt, but ensures that data is authentic

## MAC

- **MAC**: message authentication code (a.k.a. a *tag*).
- **HMAC**: hash-based message authentication code, using a cryptographic hash function like SHA-3, which results in a name like HMAC-SHA3-256.

Purpose: confirm (1) the message came from the stated sender (2) the message has not been changed.
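The two checks above, as an added example that is not part of the original notes: a message is tagged with HMAC-SHA3-256 and verified on receipt. The function names, the `message || tag` layout and the sample key and message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

TAG_LEN = hashlib.sha3_256().digest_size  # 32 bytes for HMAC-SHA3-256


class TagMismatch(Exception):
    """Raised when the tag does not verify (wrong key or altered message)."""


def tag_message(key: bytes, message: bytes) -> bytes:
    """Return message || tag. A MAC does not encrypt: the message stays readable."""
    tag = hmac.new(key, message, hashlib.sha3_256).digest()
    return message + tag


def verify_message(key: bytes, blob: bytes) -> bytes:
    """Recompute the tag over the received message and return it only if the tags match."""
    if len(blob) < TAG_LEN:
        raise TagMismatch("blob is shorter than a tag")
    message, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha3_256).digest()
    # compare_digest is constant-time, so timing does not reveal how many bytes matched
    if not hmac.compare_digest(expected, tag):
        raise TagMismatch("tag does not match")
    return message


def rejects(key: bytes, blob: bytes) -> bool:
    """True if verification fails for this key and blob."""
    try:
        verify_message(key, blob)
    except TagMismatch:
        return True
    return False


if __name__ == "__main__":
    key = secrets.token_bytes(32)                      # constructed sample key
    blob = tag_message(key, b"transfer 10 to alice")   # constructed sample message
    print("accepted:", verify_message(key, blob))
    print("altered message rejected:", rejects(key, blob.replace(b"10", b"99", 1)))
    print("wrong key rejected:", rejects(secrets.token_bytes(32), blob))
```
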

## Cryptographic hash function

Or Message Digest

- transforms a sequence of bits into a fixed-length sequence of bits.
- a one-way, non-invertible function

Input and output:

- input data: message (any string)
- output: message digest (the hash value).

Methods: (SHA = Secure Hash Algorithm)

- **SHA-1** (1995): 160-bit (20-byte). Deprecated. All major browsers stopped accepting SHA-1 SSL certificates by 2017.
- **SHA-2** (2001): a family of six hash functions, `SHA-224`, `SHA-256`, `SHA-384`, `SHA-512`, `SHA-512/224`, `SHA-512/256` (the numbers are the number of bits).
- **SHA-3** (2015): `SHA3-224`, `SHA3-256`, `SHA3-384`, `SHA3-512`, `SHAKE128`, `SHAKE256`
- **MD5**: 128-bit, used as a checksum to verify data integrity, but only against unintentional corruption.

Notes:

- `SHA-224` and `SHA-256` share the same specification, but use different initial hash values, and the final hash value is truncated to 224 bits for `SHA-224`.
- The same holds for `SHA-512`, `SHA-384`, `SHA-512/224` and `SHA-512/256`, except that the final hash value is truncated to 224 bits for `SHA-512/224`, 256 bits for `SHA-512/256` or 384 bits for `SHA-384`.
- `SHA-256` is faster on 32-bit hardware

## Adiantum

Most Android devices have hardware support for AES via ARMv8 Cryptography Extensions. However, low-end devices do not support this, so AES is slow on them.

Adiantum is Google's solution, which uses a fast hash (NH + Poly1305) and a fast stream cipher (XChaCha12).

github.com/google/adiantum