Feb 21 2021

Ciphersuite Memo

I'm sorry if you landed in this keywords soup only to find it not helpful.

• Key Exchange

  • DH (Diffie-Hellman): \(g^{xy} = (g^x)^y = (g^y)^x\)
  • ECDH (Elliptic-Curve DH)
  • ECDHE (ECDH Ephemeral)
  • DHE (DH Ephemeral)
  • RSA (Encryption): Generate a random bitstream and share it with the peer by encrypting using peer's RSA public key.

  A related concept is PFS (Perfect Forward Secrecy). DH offers PFS while RSA cannot.

• Authentication
  Also known as key-signing. Commonly used together with the PKI(Public Key Infrastructure).

  • RSA (Signing)
  • DSA (Digital signature algorithm)
  • ECDSA (Elliptic-Curve DSA)

• Encryption
  Used for data confidentiality.

  • RSA (Encryption): The famous asymmetric encryption algorithm.
  • AES (Advanced Encryption Standard): A block cipher.
  • Chacha: A stream cipher.
  • and more…

  A related concept is mode of operation,which turns a block cipher to a stream cipher. CBC is a commonly used one. When it's used with AES, it's expressed as AES-CBC

• Message authentication
  Used for data integrity. These algorithms are also called MAC(Message authentication code).

  • Various Hash algorithms, including the famous SHA family.
  • HMAC (Hash-based MAC): They uses a hash function inside and allows a “password” to be specified.
  • Poly1305

• Authenticated Encryption (AE)
  Combines confidentiality and integrity. Wikipedia: Authenticated Encryption.

  • EtM (Encrypt-then-MAC): A secure way to combine encryption algorithms with MAC algorithms.
  • GCM (Galois/Counter Mode): A mode of operation, when paired with a block cipher, offers AE (actually AEAD) in one step.

  Some commonly used AE methods:

  • AES-CBC with an HMAC e.g.AES128-CBC-HMAC-SHA256.
  • ChaCha20 with Poly1305.
  • AES-GCM

• Authenticated Encryption with Associated Data (AEAD)
  Similar to AE, but allows extra unencrypted data (associated data) to be authenticated. Roughly speaking:

  ciphertext = Encrypt(plaintext)
  auth_tag = Mac(associated_data + ciphertext)

  A common use case for AEAD is when encrypting a network packet, you want the packet header to stay unencrypted (for network routing purposes) but still authenticated.

• Note about DH and curves of EC-based algorithms
  DH-based algorithms may have a “Group” option, which specifies a prime field or an elliptic curve. If a prime field is used, such as modp2048, it's normal DH. If an elliptic curve group is used, such as ecp256, it's EC-based DH.
  Some other curves may be used:

  • Curve25519
  • Edwards curve as in EdDSA and Ed25519

Programming

Memo, Cryptography