Symmetric algorithms
NanoCrypto supports a variety of symmetric cryptographic operations:
Digest algorithms
Digest algorithms are “one-way” functions that turn a large message or data set into a small, fixed-size byte string known as a digest, hash, or tag. It is computationally infeasible to reverse this operation. The Message Digest (MD) and Secure Hash Algorithm (SHA) families are two examples of such functions.
NanoCrypto includes MD4, MD5 and SHA1 for legacy purposes, although these are no longer deemed secure. Applications should use SHA2, SHA3, or BLAKE2.
For SHA2 or SHA3 we typically write the size of the digest in bits after the algorithm name. For example, we support SHA2-224, SHA2-256, SHA2-384, and SHA2-512. Sometimes these are abbreviated to just SHA256. Finally, SHA3 includes two modes called SHAKE128 and SHAKE256. These are extendable-output modes, meaning the size of the output digest is chosen by the caller.
MAC algorithms
MAC stands for “Message Authentication Code” or “Message Authentication Checksum”. Sometimes people refer to them as “signatures” that use a symmetric key.
NanoCrypto supports HMAC, the most popular MAC. The H stands for “hash-based”. The data and the key are digested using a cryptographic hash function, also known as a message digest algorithm. In addition, NanoCrypto supports CMAC, Poly1305, and BLAKE2 as MAC algorithms.
Generally, a “sender” generates a new key and creates the HMAC of the data in question. The data and MAC result are sent to a recipient. How the key is distributed is determined by the app or protocol.
The recipient loads the key and performs the same HMAC operation. After computing the MAC, the receiver compares the result with the MAC the sender sent. If they are the same, the MAC verifies.
Incidentally, some protocols that call for an HMAC require the sender to derive a key from a master key or value, rather than generate a new one. For example, a protocol might define key exchange as Diffie-Hellman and the shared secret is the base from which symmetric keys and HMAC keys are derived.
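The sender/recipient flow above, together with deriving separate symmetric and HMAC keys from a shared secret, as an added example in plain Python (standard library only; this is not NanoCrypto code). The derivation uses HKDF (RFC 5869), which the page does not name and is assumed here; the labels "enc key"/"mac key" are made up for the demo.

```python
import hmac
import hashlib

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract step: PRK = HMAC-SHA256(salt, IKM); empty salt means all zeros."""
    if not salt:
        salt = bytes(hashlib.sha256().digest_size)
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand step: T(i) = HMAC-SHA256(PRK, T(i-1) || info || i), concatenated."""
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([i]), hashlib.sha256).digest()
        okm += t
        i += 1
    return okm[:length]

def derive_keys(shared_secret: bytes, salt: bytes):
    """Split one shared secret (e.g. a Diffie-Hellman result) into an encryption key
    and an independent HMAC key by expanding with distinct info labels (labels constructed)."""
    prk = hkdf_extract(salt, shared_secret)
    return hkdf_expand(prk, b"enc key", 32), hkdf_expand(prk, b"mac key", 32)

def mac_create(mac_key: bytes, data: bytes) -> bytes:
    """Sender side: HMAC-SHA256 over the data."""
    return hmac.new(mac_key, data, hashlib.sha256).digest()

def mac_verify(mac_key: bytes, data: bytes, tag: bytes) -> bool:
    """Recipient side: recompute and compare in constant time, so the comparison
    does not leak how many leading bytes of the tag matched."""
    return hmac.compare_digest(mac_create(mac_key, data), tag)
```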
Encryption algorithms
There are two types of symmetric encryption algorithms: block ciphers and stream ciphers. A stream cipher can process data of any length, whereas a block cipher can only operate on whole blocks of data (AES has a block size of 16 bytes), so the total input must be a multiple of the block size (or padded up to a multiple if the actual data is not). A stream cipher is similar to a “one-time pad”, which means the pad (or, with a stream cipher, the keystream produced from a given key) can only be used once. Block ciphers can reuse keys.
With a block cipher, each block of data is encrypted independently. That is, the algorithm encrypts a block, then starts over to encrypt the next block. If some plaintext contains the same block of data twice, each occurrence will produce the same ciphertext. An attacker seeing the same block of ciphertext in multiple locations has more information with which to break the message. To prevent this, block ciphers are used with feedback modes (CBC, OFB, etc.). These alter each plaintext block before it is encrypted so that repeated plaintext blocks do not produce identical ciphertext blocks. Note that some feedback modes “convert” the block cipher into a stream cipher, so the programmer must understand the feedback modes in order to use them properly.
The commonly used modes are as follows:
Electronic Code Book (ECB): Encrypts each block without any pre- or post-processing; there is no feedback mode.
Cipher Block Chaining (CBC): The first block of ciphertext is XOR’d with an initialization vector (a non-secret, random block of bytes, aka IV), and then the result is encrypted. Thereafter, each block of plaintext is XOR’d with the previous block of ciphertext to alter it before it is encrypted.
Cipher Feedback (CFB): Converts a block cipher to a stream cipher. The previous block of ciphertext is encrypted, and the result is XOR’d with the current block of plaintext to produce the next block of ciphertext. The IV takes the place of the “previous ciphertext” for the first block.
Output Feedback (OFB): Converts a block cipher to a stream cipher. The IV is encrypted to get the first XOR block, and the plaintext is XOR’d with that XOR block. For each subsequent step, the previous XOR block is encrypted to get the next XOR block, which is used to XOR the next block of plaintext.
Counter (CTR): Converts a block cipher to a stream cipher. The IV serves as the first counter block; it is encrypted to produce an XOR block, which is XOR’d with the first block of plaintext. The counter block is then incremented by one, encrypted, and XOR’d with the next block of plaintext, and so on for each block.
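ECB and CTR as described above, as an added example (not NanoCrypto code). Because Python's standard library has no AES, the block operation is a constructed stand-in built from SHA-256; it is a keyed pseudorandom function rather than a real cipher, which is enough for ECB encryption and for CTR, a mode that only ever uses the forward direction. The example also shows the repeated-block leak of ECB and what happens when a CTR IV is reused.

```python
import hashlib

BLOCK = 16  # AES block size in bytes

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for the AES block operation (NOT a real cipher):
    a keyed pseudorandom function, SHA-256(key || block) truncated to one block."""
    return hashlib.sha256(key + block).digest()[:BLOCK]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))

def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """ECB: every block is encrypted independently, so the input must be block-aligned
    and equal plaintext blocks yield equal ciphertext blocks."""
    if len(plaintext) % BLOCK:
        raise ValueError("ECB input must be a multiple of the block size")
    return b"".join(toy_block_encrypt(key, plaintext[i:i + BLOCK])
                    for i in range(0, len(plaintext), BLOCK))

def ctr_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """CTR: the counter block starts at the IV, is encrypted to give a keystream block,
    XOR'd with the data, then incremented by one (big-endian, mod 2^128) per block.
    The same call encrypts and decrypts, and no padding is needed. The IV must be
    fresh for every message under a given key."""
    out, counter = b"", int.from_bytes(iv, "big")
    for i in range(0, len(data), BLOCK):
        keystream = toy_block_encrypt(key, counter.to_bytes(BLOCK, "big"))
        out += xor_bytes(data[i:i + BLOCK], keystream)
        counter = (counter + 1) % (1 << (8 * BLOCK))
    return out

def has_repeated_block(ciphertext: bytes) -> bool:
    """True if any 16-byte ciphertext block appears more than once."""
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return len(set(blocks)) < len(blocks)
```

Reusing an IV under the same key reuses the keystream, so XORing two such ciphertexts yields the XOR of the two plaintexts; that is the one-time-pad rule from the stream cipher paragraph above in concrete form.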
AEAD algorithms
Authenticated Encryption with Associated Data (AEAD) algorithms perform two operations (that of an encryption algorithm and that of a MAC algorithm) to both secure and authenticate data at the same time. These algorithms are more performant than doing those operations separately. Additional data (i.e., “associated” data) may also be processed in the authentication steps of the algorithm. The final MAC value is commonly also called a “tag”.
Galois Counter Mode (AES-GCM): The underlying encryption algorithm is AES-CTR, but the authentication steps involve treating each 128-bit ciphertext block as an element of the Galois (finite) field with 2^128 elements. Each block is operated on via field addition (which is a simple XOR) and field multiplication by a hashing key h derived from the AES key.
CHACHA20-POLY1305: The underlying encryption algorithm is a stream cipher with 20 rounds known as ChaCha20. The authentication portion involves evaluating a polynomial over the finite field of p = 2^130 - 5 elements. Each 16-byte block of the ciphertext is treated as one coefficient of that polynomial.
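The Poly1305 polynomial evaluation just described, as an added example in plain Python (not NanoCrypto code), following RFC 8439. It shows only the MAC over an arbitrary message; in the full AEAD the 32-byte one-time key comes from ChaCha20 under the message nonce and the MAC input is the associated data and ciphertext with padding and lengths, which is left out here.

```python
import hmac

P = (1 << 130) - 5                              # the field modulus, 2^130 - 5
R_CLAMP = 0x0ffffffc0ffffffc0ffffffc0fffffff    # clears the bits RFC 8439 requires of r

def poly1305_tag(key: bytes, message: bytes) -> bytes:
    """key = r (16 bytes, clamped) || s (16 bytes). Each 16-byte chunk with 0x01
    appended is a coefficient c_i; the tag is
    ((c_1*r^n + c_2*r^(n-1) + ... + c_n*r) mod p + s) mod 2^128,
    evaluated Horner-style one chunk at a time."""
    if len(key) != 32:
        raise ValueError("Poly1305 key must be 32 bytes")
    r = int.from_bytes(key[:16], "little") & R_CLAMP
    s = int.from_bytes(key[16:], "little")
    acc = 0
    for i in range(0, len(message), 16):
        # the 0x01 byte sits just above the chunk's real bytes, so a short final
        # chunk is encoded unambiguously without zero padding
        chunk = message[i:i + 16] + b"\x01"
        acc = (acc + int.from_bytes(chunk, "little")) * r % P
    return ((acc + s) % (1 << 128)).to_bytes(16, "little")

def poly1305_verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the recomputed tag against the received one."""
    return hmac.compare_digest(poly1305_tag(key, message), tag)
```

The key must never be used for two messages: two tags under the same (r, s) let an attacker solve for r, which is why the AEAD derives a new one from each nonce.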