Practical Cryptography for Developers
master-zh
master-zh
  • Welcome
  • 前言
  • 密码学——概述
  • 哈希函数
    • 加密哈希和碰撞
    • 哈希函数:应用场景
    • 安全哈希算法
    • 哈希函数——示例
    • 练习:计算哈希值
    • 工作量证明(Proof-of-Work)哈希函数
  • MAC 和密钥派生
    • HMAC 与密钥派生
    • HMAC 计算——示例
    • 练习:计算 HMAC
    • KDF: Deriving Key from Password
    • PBKDF2
    • Modern Key Derivation Functions
    • Scrypt
    • Bcrypt
    • Linux crypt()
    • Argon2
    • Secure Password Storage
    • Exercises: Password Encryption
  • Secure Random Generators
    • Pseudo-Random Numbers - Examples
    • Secure Random Generators (CSPRNG)
    • Exercises: Pseudo-Random Generator
  • Key Exchange and DHKE
    • Diffie–Hellman Key Exchange
    • DHKE - Examples
    • Exercises: DHKE Key Exchange
  • Encryption: Symmetric and Asymmetric
  • Symmetric Key Ciphers
    • Cipher Block Modes
    • Popular Symmetric Algorithms
    • The AES Cipher - Concepts
    • AES Encrypt / Decrypt - Examples
    • Ethereum Wallet Encryption
    • Exercises: AES Encrypt / Decrypt
    • ChaCha20-Poly1305
    • Exercises: ChaCha20-Poly1305
  • Asymmetric Key Ciphers
    • The RSA Cryptosystem - Concepts
    • RSA Encrypt / Decrypt - Examples
    • Exercises: RSA Encrypt / Decrypt
    • Elliptic Curve Cryptography (ECC)
    • ECDH Key Exchange
    • ECDH Key Exchange - Examples
    • Exercises: ECDH Key Exchange
    • ECC Encryption / Decryption
    • ECIES Hybrid Encryption Scheme
    • ECIES Encryption - Example
    • Exercises: ECIES Encrypt / Decrypt
  • Digital Signatures
    • RSA Signatures
    • RSA: Sign / Verify - Examples
    • Exercises: RSA Sign and Verify
    • ECDSA: Elliptic Curve Signatures
    • ECDSA: Sign / Verify - Examples
    • Exercises: ECDSA Sign and Verify
    • EdDSA and Ed25519
    • EdDSA: Sign / Verify - Examples
    • Exercises: EdDSA Sign and Verify
  • Quantum-Safe Cryptography
    • Quantum-Safe Signatures - Example
    • Quantum-Safe Key Exchange - Example
    • Quantum-Safe Asymmetric Encryption - Example
  • More Cryptographic Concepts
    • Digital Certificates - Example
    • TLS - Example
    • One-Time Passwords (OTP) - Example
  • Crypto Libraries for Developers
    • JavaScript Crypto Libraries
    • Python Crypto Libraries
    • C# Crypto Libraries
    • Java Crypto Libraries
  • Conclusion
Powered by GitBook
On this page
  • AES (Rijndael)
  • Salsa20 / ChaCha20
  • Other Popular Symmetric Ciphers
  • Insecure Symmetric Algorithms
  • Symmetric Encryption Schemes / Constructions

Was this helpful?

  1. Symmetric Key Ciphers

Popular Symmetric Algorithms

PreviousCipher Block ModesNextThe AES Cipher - Concepts

Last updated 5 years ago

Was this helpful?

Symmetric key encryption algorithms (like AES) are designed by mathematicians and cryptographers with the idea, that it should be infeasible to decrypt the ciphertext without having the encryption key. This is true for the modern secure symmetric encryption algorithms (like AES and ChaCha20) and may be disputable or false for others, which are considered insecure symmetric encryption algorithms (like DES and RC4).

Some popular symmetric encryption algorithms are: AES, ChaCha20, CAST, Twofish, IDEA, Serpent, RC5, RC6, Camellia and ARIA. All these algorithms are considered secure (when configured and used correctly).

AES (Rijndael)

(Advanced Encryption Standard, also known as Rijndael) is the most popular and widely used symmetric encryption algorithm in the modern IT industry. This is because AES is proven to be highly secure, fast and well standardised and very well supported on virtually all platforms. AES is 128-bit block cipher and uses 128, 192 or 256-bit secret keys. It is usually used in a block mode like AES-CTR or AES-GCM to process streaming data. In the most block modes AES require also a random 128-bit initial vector (IV, nonce).

Rijndael was the winner in the (1997-2000) and it was announced officially under the name "AES" (the next official symmetric block cipher after DES). In 2001 AES was adopted as official recommendation by the US government and no significant weakness or attack was found since this moment.

The Rijndael (AES) algorithm is free for any use: public or private, commercial or non-commercial.

Salsa20 / ChaCha20

, along with its improved variants ChaCha (ChaCha8, ChaCha12, ChaCha20) and XSalsa20, are a family of modern, fast, symmetric stream ciphers, designed by the distinguished cryptographer . The Salsa20 cipher was one of the finalists in the for designing of new symmetric stream ciphers (2004-2008) and was widely adopted afterwards, together with the related BLAKE hash function. Salsa20 and its variants are royalty-free, not patented.

The Salsa20 cipher takes as input a 128-bit or 256-bit symmetric secret key + randomly generated 64-bit nonce (initial vector) and a stream of data of unlimited length and produces as output an encrypted stream of data with the same length as the input stream. The Salsa20 cipher is typically used as authenticated encryption construction: .

Other Popular Symmetric Ciphers

Other modern secure symmetric ciphers, used more rarely than EAS and ChaCha20, but still popular in the software developer and information security communities, are the following:

  • - secure symmetric-key block cipher (key size: 128, 192 or 256 bits), public domain, not patented

  • - secure symmetric-key block cipher (key sizes: 128, 192 or 256 bits), royalty-free, not patented

  • - secure symmetric key block cipher (block size: 128 bits; key sizes: 128, 192 and 256 bits), patented, but free for non-commercial use

  • - secure symmetric-key block cipher (key size: 128 to 2040 bits; block size: 32, 64 or 128 bits; rounds: 1 ... 255), insecure with short keys (56-bit key successfully brute-forced), was patented until 2015, now royalty-free

  • - secure symmetric-key block cipher, similar to RC5, but more complicated (key size: 128 to 2040 bits; block size: 32, 64 or 128 bits; rounds: 1 ... 255), was patented until 2017, now royalty-free

  • - secure symmetric-key block cipher (key size: 128 bits), was patented until 2012, now royalty-free

  • (, ) - family of secure symmetric-key block ciphers (key sizes: 40 ... 256 bits), royalty-free basis for commercial and non-commercial use

  • - secure symmetric-key block cipher, similar to AES (key size: 128, 192 or 256 bits), official standard in South Korea, free for public use

  • - secure symmetric-key block cipher, similar to AES (key size: 128 bits), official standard in China, free for public use

Insecure Symmetric Algorithms

Some other symmetric encryption algorithms were popular in the past, but are now considered insecure (broken algorithms) or having disputable security and are not recommended to be used any more:

Symmetric Encryption Schemes / Constructions

In addition to the above mentioned symmetric key ciphers, cryptographers have proposed many symmetric encryption schemes (constructions), like the most popular authenticated encryption (AEAD) schemes:

    • The ChaCha20 stream cipher with integrated Poly1305 authenticator (integrated authenticated AEAD encryption)

    • Requires a 256-bit key and random 96-bit nonce

    • Extremely high performance

    • Implemented by the most modern crypto-libraries

    • AES-GCM is the AES (Rijndael) block cipher in GCM block mode (integrated authenticated AEAD encryption), behaves like a stream cipher

    • Required 256-bit key and random 128-bit nonce (initial vector)

    • Implemented by the most modern crypto libraries

Most applications today should prefer some of the above encryption schemes for symmetric encryption, instead of constructing their own encryption scheme. The above schemes are highly-secure, proven, well tested and come out-of-the box from the crypto libraries.

- 56-bit key size, practically broken, can be brute-forced

(Triple DES) - 64-bit cipher, considered broken

- 64-bit cipher, considered broken

- stream cipher, broken, practical attacks demonstrated

- old 64-bit cipher, broken, practical attacks demonstrated

- Russian 64-bit block cipher, disputable security, considered risky

Note that ChaCha20-Poly1305 is high-performance cipher ( than AES-128-GCM on mobile devices), so it is recommended to be used instead of AES-GCM.

AES
AES competition organized by NIST
Salsa20
Daniel Bernstein
eSTREAM contest
ChaCha20-Poly1305
Serpent
Twofish
Camellia
RC5
RC6
IDEA
CAST
CAST-128 / CAST5
CAST-256 / CAST6
ARIA
SM4
DES
3DES
RC2
RC4
Blowfish
GOST
ChaCha20-Poly1305
AES-256-GCM
3 times faster