Cryptology Engine

Encryption

AES, ChaCha20, RSA and other encryption algorithms

What is Encryption?

Encryption is the process of converting readable data (plaintext) into encrypted data (ciphertext) to protect it from unauthorized access. To make a simple analogy, encryption is like a safe lock - only those with the correct key can see the contents. Modern encryption algorithms are critical for secure communication over the internet, data storage, financial transactions, and protection of personal information.

Use Cases

  • Secure internet communication (HTTPS, VPN)
  • Data storage and backup
  • Email security
  • Mobile application security
  • Financial transactions
  • Cloud storage encryption
  • Messaging applications

Key Features

  • Confidentiality
  • Data integrity
  • Authentication
  • Key management
  • Performance optimization

Algorithm Comparison

| Algorithm | Security | Speed | Use Cases | Notes |
|---|---|---|---|---|
| AES-GCM-256 | Very High | Fast | Disk encryption, VPN, SSL/TLS, general-purpose encryption | Slightly slower than AES-GCM-128 |
| AES-GCM-128 | Very High | Very Fast | Web applications, SSL/TLS, general-purpose encryption | |
| AES-CTR (+HMAC) | For secure use: encrypt-then-MAC, separate keys, unique nonce, and AAD if needed are mandatory. | Very Fast | High-performance applications | Must be used with HMAC; encrypt-then-MAC scheme required |
| ChaCha20-Poly1305 | Very High | Very Fast | Mobile applications, high-performance applications | |
| AES-SIV | Very High | Fast | Nonce-misuse resistant applications | Slower than GCM/ChaCha20-Poly1305 but misuse-resistant |

* Comparisons are relative to reference/hardware-accelerated implementations on a 64-bit CPU.

AEAD (Authenticated Encryption)

Modern algorithms that provide both encryption and authentication, guaranteeing data integrity and confidentiality together.

Symmetric Stream/Block Modes (Unauthenticated)

Modes that provide only encryption. They offer no authentication and must be used together with a MAC (HMAC, Poly1305, etc.).
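
The AES-CTR (+HMAC) row in the comparison and the paragraph above both require a MAC around an unauthenticated mode. The Go code below is an added example, not code from this page: it shows encrypt-then-MAC with separate keys, a fresh nonce per message and AAD bound into the tag. The names Seal, Open and macTag, the HMAC-SHA256 choice and the nonce || ciphertext || tag layout are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
)

func macTag(macKey, aad, body []byte) []byte { // HMAC over len(aad) || aad || nonce || ciphertext
	m := hmac.New(sha256.New, macKey)
	m.Write(binary.BigEndian.AppendUint64(nil, uint64(len(aad)))) // length prefix fixes the AAD boundary
	m.Write(aad)
	m.Write(body)
	return m.Sum(nil)
}

// Seal encrypts with AES-CTR under a fresh random nonce, then MACs it; macKey must be independent of enc's key.
func Seal(enc cipher.Block, macKey, plaintext, aad []byte) ([]byte, error) {
	out := make([]byte, aes.BlockSize+len(plaintext))
	if _, err := rand.Read(out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCTR(enc, out[:aes.BlockSize]).XORKeyStream(out[aes.BlockSize:], plaintext)
	return append(out, macTag(macKey, aad, out)...), nil // nonce || ciphertext || tag
}

// Open verifies the tag in constant time and decrypts only if it matches.
func Open(enc cipher.Block, macKey, msg, aad []byte) ([]byte, error) {
	n := len(msg) - sha256.Size // offset where the tag starts
	if n < aes.BlockSize || !hmac.Equal(msg[n:], macTag(macKey, aad, msg[:n])) {
		return nil, errors.New("authentication failed")
	}
	pt := make([]byte, n-aes.BlockSize)
	cipher.NewCTR(enc, msg[:aes.BlockSize]).XORKeyStream(pt, msg[aes.BlockSize:n])
	return pt, nil
}

func main() {
	keys := make([]byte, 64) // constructed demo keys: AES-256 key || HMAC key
	rand.Read(keys)
	enc, _ := aes.NewCipher(keys[:32])
	msg, _ := Seal(enc, keys[32:], []byte("constructed sample"), []byte("v1"))
	_, err := Open(enc, keys[32:], msg, []byte("v2")) // wrong AAD is rejected
	println(err.Error())
}
```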

Asymmetric Encryption

Algorithms that use different keys for encryption and decryption. Typically used for key exchange or small data encryption.

Key Wrap

Algorithms designed for key wrapping. Should not be used for data encryption - only used to securely wrap other keys.

Legacy & Insecure

Older encryption algorithms that are no longer considered secure and are used only for backward compatibility. For 3DES, see NIST SP 800-131A: disapproved for use in applications.

Related Standards

  • FIPS PUB 197
  • NIST SP 800-38A
  • NIST SP 800-38D
  • NIST SP 800-38C
  • RFC 5116
  • RFC 8017
  • NIST SP 800-131A