# Ciphersuite Memo

I'm sorry if you landed in this keyword soup only to find it unhelpful.

**Key Exchange**

- DH (Diffie-Hellman): g^{xy} = (g^x)^y = (g^y)^x
- ECDH (Elliptic-Curve DH)
- ECDHE (ECDH Ephemeral)
- DHE (DH Ephemeral)
- RSA (Encryption): Generate a random bitstream and share it with the peer by encrypting it with the peer's RSA public key.

A related concept is PFS (Perfect Forward Secrecy). DH (in its ephemeral forms, DHE and ECDHE) offers PFS, while RSA key exchange cannot.

**Authentication**

Also known as key signing. Commonly used together with a PKI (Public Key Infrastructure).

- RSA (Signing)
- DSA (Digital Signature Algorithm)
- ECDSA (Elliptic-Curve DSA)

**Encryption**

Used for data confidentiality.

- RSA (Encryption): The famous asymmetric encryption algorithm.
- AES (Advanced Encryption Standard): A block cipher.
- ChaCha: A stream cipher.
- and more…

A related concept is the mode of operation, which turns a block cipher into a stream cipher. CBC is a commonly used one. When it is used with AES, the combination is written `AES-CBC`.

**Message authentication**

Used for data integrity. These algorithms are also called MACs (Message Authentication Codes).

- Various hash algorithms, including the famous SHA family.
- HMAC (Hash-based MAC): Uses a hash function inside and allows a "password" (a key) to be specified.
- Poly1305

**Authenticated Encryption (AE)**

Combines confidentiality and integrity. See Wikipedia: Authenticated Encryption.

- EtM (Encrypt-then-MAC): A secure way to combine an encryption algorithm with a MAC algorithm.
- GCM (Galois/Counter Mode): A mode of operation which, when paired with a block cipher, offers AE (actually AEAD) in one step.

Some commonly used AE methods:

- AES-CBC with an HMAC, e.g. `AES128-CBC-HMAC-SHA256`.
- ChaCha20 with Poly1305.
- AES-GCM

**Authenticated Encryption with Associated Data (AEAD)**

Similar to AE, but allows extra unencrypted data (associated data) to be authenticated. Roughly speaking:

```
ciphertext = Encrypt(plaintext)
auth_tag   = Mac(associated_data + ciphertext)
```

A common use case for AEAD is encrypting a network packet: you want the packet header to stay unencrypted (for routing purposes) but still authenticated, so that a modified header is detected before the payload is decrypted.
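The Encrypt-then-MAC construction listed above and the AEAD shape `auth_tag = Mac(associated_data + ciphertext)`, as an added example that is not code from the original memo: AES-128-CTR for encryption and HMAC-SHA256 over associated data and ciphertext for the tag, built only from Go's standard library. The keys, nonce and header strings are constructed demo values, and `etmSeal`/`etmOpen` are names chosen here.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// ctrXOR runs AES-128-CTR over src; CTR encrypts and decrypts with the same XOR.
func ctrXOR(key, iv, src []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // wrong key length is a caller bug, not a runtime condition
	}
	dst := make([]byte, len(src))
	cipher.NewCTR(block, iv).XORKeyStream(dst, src)
	return dst
}

// tag is HMAC-SHA256 over ad || ct, i.e. Mac(associated_data + ciphertext).
func tag(macKey, ad, ct []byte) []byte {
	mac := hmac.New(sha256.New, macKey)
	mac.Write(ad)
	mac.Write(ct)
	return mac.Sum(nil)
}

// etmSeal is Encrypt-then-MAC: encrypt, then MAC ad||ct; returns ct||tag. The 16-byte iv must never repeat under one key.
func etmSeal(encKey, macKey, iv, ad, plaintext []byte) []byte {
	ct := ctrXOR(encKey, iv, plaintext)
	return append(ct, tag(macKey, ad, ct)...)
}

// etmOpen checks the tag in constant time BEFORE decrypting, so a modified header (ad), modified ciphertext or truncated message never yields plaintext.
func etmOpen(encKey, macKey, iv, ad, sealed []byte) ([]byte, error) {
	n := len(sealed) - sha256.Size
	if n < 0 || !hmac.Equal(sealed[n:], tag(macKey, ad, sealed[:n])) {
		return nil, fmt.Errorf("authentication failed")
	}
	return ctrXOR(encKey, iv, sealed[:n]), nil
}

func main() {
	k, mk, iv := []byte("0123456789abcdef"), []byte("fedcba9876543210fedcba9876543210"), []byte("unique-nonce-16b") // constructed demo values
	sealed := etmSeal(k, mk, iv, []byte("hdr:src=10.0.0.1"), []byte("secret payload"))
	_, err := etmOpen(k, mk, iv, []byte("hdr:src=10.0.0.2"), sealed) // header changed in transit
	fmt.Println("modified header rejected:", err != nil)
}
```

Separate encryption and MAC keys are used on purpose; deriving both from one shared secret is the job of the key exchange and KDF, not of this construction.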

**Note about DH and curves of EC-based algorithms**

DH-based algorithms may have a "Group" option, which specifies a prime field or an elliptic curve. If a prime-field group is used, such as `modp2048`, it is plain DH. If an elliptic-curve group is used, such as `ecp256`, it is EC-based DH.

Some other curves may be used:

- Curve25519
- Edwards curves, as in EdDSA and Ed25519