Modern Encryption Algorithms

Technical Explanation

Symmetric algorithms operate using a shared secret key K to transform plaintext P into ciphertext C through an encryption function E, where C = E(K,P). The same key is used in the decryption function D to recover the plaintext: P = D(K,C).

These algorithms typically employ substitution-permutation networks, Feistel networks, or AES-specific structures. Security depends on key length, with modern systems requiring at least 128 bits, and algorithm design resistance to various cryptanalytic attacks including differential, linear, and side-channel approaches.

Performance is a key advantage, with throughput reaching gigabytes per second on modern hardware, especially with AES-NI acceleration.

Technical Explanation

Asymmetric cryptosystems rely on trapdoor one-way functions—mathematical operations easy to perform in one direction but computationally infeasible to reverse without special knowledge (the private key). The security of these systems depends on mathematical hardness assumptions such as the difficulty of integer factorization (RSA), the discrete logarithm problem (DSA), or finding elliptic curve discrete logarithms (ECDSA, EdDSA).

For a key pair (pk, sk) where pk is public and sk is private, encryption of plaintext P is computed as C = E(pk, P) and decryption as P = D(sk, C). Algorithmic efficiency varies significantly; RSA operations scale with O(k³) where k is key length, while elliptic curve operations can achieve similar security with smaller keys and better performance profiles.

These algorithms are typically 2-3 orders of magnitude slower than symmetric encryption, making them unsuitable for bulk data encryption but excellent for key exchange and authentication.

Technical Explanation

AES (Rijndael) is a substitution-permutation network operating on 128-bit blocks with key sizes of 128, 192, or 256 bits. The algorithm processes data through 10, 12, or 14 rounds respectively, where each round applies four operations: SubBytes (non-linear substitution via S-box), ShiftRows (transposition), MixColumns (mixing operation using matrix multiplication over GF(2⁸)), and AddRoundKey (XOR with round key).

Key schedule expands the master key into round keys using a key expansion routine. Side-channel resistance has been extensively studied, leading to constant-time implementations to prevent timing attacks. Despite extensive cryptanalysis, the best known attacks against full AES remain theoretical and require computational resources exceeding practical feasibility, with the notable exception of side-channel attacks against specific implementations.

AES can be used in various modes of operation including ECB (not recommended for most purposes), CBC, CTR, GCM, and XTS (for disk encryption), each with different security properties and IV/nonce requirements.

Technical Explanation

ChaCha20 is an ARX (Add-Rotate-XOR) based stream cipher from the Salsa family designed by Daniel J. Bernstein. It operates on a 512-bit state arranged as a 4×4 matrix of 32-bit words, performing 20 rounds of operations. Each round consists of column-quarter-rounds followed by diagonal-quarter-rounds where a quarter-round applies a sequence of 32-bit additions, rotations, and XORs to update four state words.

Poly1305 is a universal hash function that produces a 128-bit authentication tag using a one-time key derived partially from the ChaCha20 key. When combined as ChaCha20-Poly1305 AEAD (Authenticated Encryption with Associated Data), the construction encrypts data with ChaCha20 and authenticates both the ciphertext and any associated data with Poly1305.

The construction offers 256-bit security with significant performance benefits on platforms without AES hardware acceleration. It uses a 96-bit nonce and requires careful implementation to avoid nonce reuse, which would be catastrophic to security.

Technical Explanation

RSA's security relies on the integer factorization problem. Key generation involves selecting two large primes p and q, computing their product n = pq (the modulus), and deriving the public exponent e and private exponent d such that ed ≡ 1 (mod φ(n)) where φ(n) = (p-1)(q-1) is Euler's totient function.

Encryption of message m is computed as c = m^e mod n, while decryption recovers m = c^d mod n. In practice, RSA is usually implemented with padding schemes such as PKCS#1 v1.5 or preferably OAEP (Optimal Asymmetric Encryption Padding) to prevent attacks like Bleichenbacher's. For signatures, PSS (Probabilistic Signature Scheme) is recommended over older PKCS#1 v1.5 padding.

Current security recommendations suggest a minimum 2048-bit modulus, with 3072 bits or more for long-term security. RSA operations scale poorly with key size: O(k³) for k-bit keys, making implementations with very large keys computationally expensive compared to elliptic curve alternatives.

Technical Explanation

ECC's security is based on the elliptic curve discrete logarithm problem (ECDLP). Given points P and Q = kP on an elliptic curve E, where k is a scalar and P is a generator point, it is computationally infeasible to determine k given only P and Q for well-chosen curves and sufficiently large groups.

The primary ECC algorithms include ECDH (Elliptic Curve Diffie-Hellman) for key agreement, ECDSA (Elliptic Curve Digital Signature Algorithm) and EdDSA (Edwards-curve Digital Signature Algorithm) for signatures. ECDSA provides shorter signatures than RSA for equivalent security levels, while Edwards curves used in EdDSA offer additional performance benefits and resistance to certain side-channel attacks.

While the NSA's Suite B initially endorsed ECC, concerns about potential backdoors in the NIST curves have led to the adoption of alternative curves such as Curve25519 for ECDH (X25519) and Ed25519 for signatures. These curves, designed by Daniel J. Bernstein, offer strong security properties and simpler, more efficient implementation. The implementation complexity of ECC makes it susceptible to side-channel attacks if not carefully implemented, though newer curve designs help mitigate this risk.

Technical Explanation

Hybrid encryption typically employs key encapsulation mechanism (KEM) and data encapsulation mechanism (DEM) constructs. For a sender encrypting a message m for a recipient with public key pk:

1. Generate a random symmetric key K
2. Encrypt m with K using a symmetric algorithm: c₁ = Sym_Enc(K, m)
3. Encrypt K with the recipient's public key: c₂ = Asym_Enc(pk, K)
4. Transmit the ciphertext pair (c₁, c₂)

For decryption, the recipient:
1. Uses their private key sk to recover K = Asym_Dec(sk, c₂)
2. Decrypts the message m = Sym_Dec(K, c₁)

This approach combines the asymptotic efficiency of symmetric cryptography (O(n) with message size) with the key management benefits of asymmetric systems. Modern protocols like TLS 1.3 use ephemeral Diffie-Hellman key exchange (DHE or ECDHE) to establish forward secrecy, meaning the compromise of long-term keys cannot retroactively decrypt past communications.