Cryptography is a method of protecting information and communications through the use of codes so that only those for whom the information is intended can decrypt and it. The pre-fix “crypt” means “hidden” or “vault” and the suffix “graphy” stands for “writing.”
Modern cryptography concerns itself with the following four objectives:
- Confidentiality: the information cannot be understood by anyone for whom it was not intended for
- Integrity: the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected
- Non-repudiation: the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information
- Authentication: the sender and receiver can confirm each other’s identity and the origin/destination of the information
Procedures and protocols that meet some or all of the above criteria are known as cryptosystems. Cryptosystems are often thought to refer only to mathematical procedures and computer programs; however, they also include the regulation of human behavior, such as choosing hard-to-guess passwords, logging off unused systems, and not discussing sensitive procedures with outsiders.
- Single-part signature: Ed25519
- Multi-part signature: Ed25519ph
- BLAKE2B — BLAKE2 is a cryptographic hash function faster than MD5, SHA-1, SHA-2, and SHA-3, yet is at least as secure as the latest standard SHA-3. Optimized for 64-bit platforms — including NEON-enabled ARMs — and produces digests of any size between 1 and 64 bytes
- X25519 — Ephemeral Key Pair — Computes a secret shared between the sender and receiver, using the sender’s secret key and the receiver’s public key (or vice versa)
Authenticated Encryption with Additional Data
- Encrypts a message with a key and a nonce to keep it confidential
- Computes an authentication tag. This tag is used to make sure that the message, as well as optional, non-confidential (non-encrypted) data, haven’t been tampered with.
The XChaCha20-Poly1305-IETF construction can safely encrypt a practically unlimited number of messages with the same key, without any practical limit to the size of a message (up to ~ 2⁶⁴ bytes). As an alternative to counters, its large nonce size (192-bit) allows random nonces to be safely used.