From 1a34a83d984777c144ce55032c5b0f32cfd3b6ba Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Mon, 18 Sep 2023 17:01:39 -0400 Subject: [PATCH] Update crypto_algorithms.md --- crypto/crypto_algorithms.md | 328 ++++++++++-------------------------- 1 file changed, 89 insertions(+), 239 deletions(-) diff --git a/crypto/crypto_algorithms.md b/crypto/crypto_algorithms.md index e5b7c16..beece10 100644 --- a/crypto/crypto_algorithms.md +++ b/crypto/crypto_algorithms.md @@ -1,252 +1,102 @@ # Cryptographic Algorithms +Let's go over the most common encryption and hashing algorithms, and compare them. + +## Hashing Algorithms +The folloing table that compares some of the most well-known hashing algorithms, along with an indication of whether they are considered to be post-quantum resistant. + +| Algorithm Name | Output Size (bits) | Cryptographic | Post-Quantum Ready | +|----------------|--------------------|---------------|-------------------| +| MD5 | 128 | Yes | No | +| SHA-1 | 160 | Yes | No | +| SHA-256 | 256 | Yes | No | +| SHA-3 | 224, 256, 384, 512 | Yes | Yes (believed to) | +| BLAKE2 | 256, 512 | Yes | Yes (believed to) | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
AlgorithmOperationStatusAlternativeQCR
DESEncryptionAvoidAES
3DESEncryptionLegacyAES
RC4EncryptionAvoidAES
-

AES-CBC mode

-

AES-GCM mode

-
-

Encryption

-

Authenticated encryption

-
-

Acceptable

-

NGE

-
-

AES-GCM

-

-
-

✓ (256-bit)

-

✓ (256-bit)

-
-

DH-768, -1024

-

RSA-768, -1024

-DSA-768, -1024
-

Key exchange

-

Encryption

-

Authentication

-
-

Avoid

-
-

DH-3072 (Group 15)

-

RSA-3072

-DSA-3072
-

-

-

-
-

DH-2048

-

RSA-2048

-DSA-2048
-

Key exchange

-

Encryption

-

Authentication

-
-

Acceptable

-
-

ECDH-256

-

-ECDSA-256
-

-

-

-
-

DH-3072

-

RSA-3072

-

DSA-3072

-
-

Key exchange

-

Encryption

-

Authentication

-
Acceptable -

ECDH-256

-

-ECDSA-256
-

-

-

-
MD5IntegrityAvoidSHA-256
-

SHA-1

-
-

Integrity

-
-

Legacy

-
-

SHA-256

-
-

SHA-256

-

SHA-384

-

SHA-512

-
-

Integrity

-
-

NGE

-
-

SHA-384

-

-

-
-

-

-

-
HMAC-MD5IntegrityLegacyHMAC-SHA-256
HMAC-SHA-1IntegrityAcceptableHMAC-SHA-256
HMAC-SHA-256IntegrityNGE
-

ECDH-256

-ECDSA-256
-

Key exchange

-

Authentication

-
-

Acceptable

-
-

ECDH-384

-ECDSA-384
-

-

-
-

ECDH-384

-ECDSA-384
-

Key exchange

-

Authentication

-
-

NGE

-
-

-

-
-

-

-
-

1. QCR = quantum computer resistant.

- -

2. NGE = next generation encryption.

-
+ +1. **MD5**: An older cryptographic hash function that produces a 128-bit hash value. It is no longer considered secure against well-funded attackers. +2. **SHA-1**: A cryptographic hash function that produces a 160-bit hash value. It is no longer considered secure against well-funded attackers. +3. **SHA-256**: A member of the SHA-2 family, it produces a 256-bit hash value and is currently considered secure. +4. **SHA-3**: The latest member of the Secure Hash Algorithm family, it allows for variable output sizes and is believed to be secure against quantum attacks. +5. **BLAKE2**: A cryptographic hash function that is faster than MD5, SHA-1, and SHA-256, and is believed to be secure against quantum attacks. + +The "Post-Quantum Ready" column is based on current beliefs and knowledge, and the landscape of cryptography is always evolving, especially with the advent of quantum computing. It is recommended to stay updated with the latest research and guidelines from organizations like the [National Institute of Standards and Technology (NIST) for the most accurate information](https://csrc.nist.gov/projects/post-quantum-cryptography). -- Avoid: Algorithms that are marked as Avoid do not provide adequate security against modern threats and should not be used to protect sensitive information. It is recommended that these algorithms be replaced with stronger algorithms. +### HMAC (Hash-Based Message Authentication Code) Implementations and Post-Quantum Readiness -- Legacy: Legacy algorithms provide a marginal but acceptable security level. They should be used only when no better alternatives are available, such as when interoperating with legacy equipment. It is recommended that these legacy algorithms be phased out and replaced with stronger algorithms. 
+| HMAC Implementation | Description | Post-Quantum Ready (PQR) | +|---------------------|--------------------------------------------------------------------------------------------------|---------------------------| +| HMAC-MD5 | Uses the MD5 hash function. It is not recommended for further use as MD5 is considered broken. | No | +| HMAC-SHA1 | Utilizes the SHA-1 hash function. Considered weak due to vulnerabilities in SHA-1. | No | +| HMAC-SHA256 | Based on the SHA-256 function, part of the SHA-2 family. Currently considered secure. | Possibly | +| HMAC-SHA3 | Uses the SHA-3 hash function, which is currently considered secure and resistant to quantum attacks. | Yes (believed to be) | +| HMAC-BLAKE2 | Implemented with the BLAKE2 hash function, believed to be secure and potentially resistant to quantum attacks. | Yes (believed to be) | -- Acceptable: Acceptable algorithms provide adequate security. -- Next generation encryption (NGE): NGE algorithms are expected to meet the security and scalability requirements of the next two decades. For more information, see Next Generation Encryption. +## Encryption Algorithms + + +| Algorithm Name | Key Size (bits) | Type | Post-Quantum Ready | +|-------------------------------|-----------------|-------------|-------------------| +| AES-128 | 128 | Symmetric | No | +| AES-256 | 256 | Symmetric | No | +| RSA | 1024, 2048, 3072, 4096 | Asymmetric | No | +| ECC | 224, 256, 384, 521 | Asymmetric | No | +| Lattice-Based Cryptography | Variable | Asymmetric | Yes | +| Hash-Based Cryptography | Variable | Asymmetric | Yes | +| Code-Based Cryptography | Variable | Asymmetric | Yes | + + + +1. **AES-128 / AES-256**: Advanced Encryption Standard, a symmetric encryption algorithm with key sizes of 128 and 256 bits respectively. Not considered post-quantum secure. + +2. **RSA**: An asymmetric encryption algorithm that uses a pair of keys (public and private). The security is based on the difficulty of factoring large composite numbers. 
Not considered post-quantum secure. + +3. **ECC (Elliptic Curve Cryptography)**: An asymmetric encryption algorithm that uses elliptic curves over finite fields. Not considered post-quantum secure. + +4. **Lattice-Based Cryptography**: A type of asymmetric encryption that is considered to be post-quantum secure. It is based on the hardness of certain problems in lattice theory. + +5. **Hash-Based Cryptography**: A type of asymmetric encryption that is considered to be post-quantum secure. It utilizes cryptographic hash functions. + +6. **Code-Based Cryptography**: A type of asymmetric encryption that is considered to be post-quantum secure. It is based on the hardness of decoding linear codes. + + + +### Cryptographic Algorithms Explanation + +| Cryptographic Algorithm | Description | Examples | Post-Quantum Ready | +|-------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------|-------------------| +| **Lattice-Based Cryptography**| These algorithms rely on the hardness of lattice problems, including the Shortest Vector Problem (SVP) and Learning With Errors (LWE). They are believed to offer resistance against quantum attacks due to the mathematical problems they are based on, which have not yet been solved efficiently using quantum algorithms. | NTRU, Kyber, Saber | Yes | +| **Hash-Based Cryptography** | These algorithms use cryptographic hash functions as a fundamental building block. They are considered to be secure against quantum attacks as they rely on the hardness of preimage and collision resistance properties of hash functions. | SPHINCS, LMS | Yes | +| **Code-Based Cryptography** | These algorithms are based on the theory of error-correcting codes. They rely on the difficulty of decoding a general linear code, which is considered to be a hard problem even for quantum computers. 
| McEliece, Niederreiter | Yes | + + +### AES Modes and Post-Quantum Readiness + +| AES Mode | Description | Post-Quantum Ready | +|-----------------|--------------------------------------------------------------------------|--------------------| +| AES-CBC | Cipher Block Chaining mode, where each block is XORed with the previous ciphertext block before being encrypted. | No | +| AES-GCM | Galois/Counter Mode, an authenticated encryption with associated data (AEAD) scheme. It combines the counter mode of encryption with the Galois mode of authentication. | ? | +| AES-CCM | Counter with CBC-MAC, another authenticated encryption scheme combining counter mode encryption with a CBC-MAC based authentication. | No | +| AES-CTR | Counter Mode, where plaintext blocks are XORed with an encrypted counter value. The counter is incremented for each subsequent block. | No | +| AES-OFB | Output Feedback Mode, turns a block cipher into a synchronous stream cipher. It generates keystream blocks, which are then XORed with the plaintext blocks to get the ciphertext. | No | +| AES-CFB | Cipher Feedback Mode, turns a block cipher into a self-synchronizing stream cipher. Operation is very similar to CBC mode, but CFB mode operates on smaller units (bits or bytes instead of blocks). | No | +| AES-XTS | XEX-based Tweaked CodeBook mode with ciphertext Stealing, mainly used for disk encryption. | No | +| AES-KW | Key Wrap, used for wrapping keys with AES encryption. | No | + + +### AES Key Lengths and Post-Quantum Readiness + +| AES Variant | Key Length (bits) | Post-Quantum Ready (PQR) | +|-------------|-------------------|--------------------------| +| AES-128 | 128 | Possibly (with increased key size) | +| AES-192 | 192 | Possibly (with increased key size) | +| AES-256 | 256 | Possibly (with increased key size) | + -- Quantum computer resistant (QCR): There's a lot of research around quantum computers (QCs) and their potential impact on current cryptography standards. 
Although practical QCs would pose a threat to crypto standards for public-key infrastructure (PKI) key exchange and encryption, no one has demonstrated a practical quantum computer yet. It is an area of active research and growing interest. Although it is possible, it can't be said with certainty whether practical QCs will be built in the future. An algorithm that would be secure even after a QC is built is said to have postquantum security or be quantum computer resistant (QCR). AES-256, SHA-384, and SHA-512 are believed to have postquantum security. There are public key algorithms that are believed to have postquantum security too, but there are no standards for their use in Internet protocols yet. ## Additional References +Again, I must emphasize that the field of post-quantum cryptography is evolving, and it is recommended to stay updated with the latest research and guidelines from NIST. - NIST Post-Quantum Cryptography Project: https://csrc.nist.gov/projects/post-quantum-cryptography - Post Quantum Cryptography (Wikipedia): https://en.wikipedia.org/wiki/Post-quantum_cryptography
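Review bot: the Post-Quantum Ready column added in this hunk contradicts itself across the new tables and needs one consistent rule before merge. The Encryption Algorithms table has `| AES-256 | 256 | Symmetric | No |`, while the AES Key Lengths table a few lines later rates the same cipher `Possibly (with increased key size)` (256 bits is already the largest AES key size, so "increased key size" cannot apply to that row), and the removed QCR paragraph at the end of the hunk stated the accepted position the new tables drop: `AES-256, SHA-384, and SHA-512 are believed to have postquantum security`. The same inconsistency appears for SHA-256 (No in the hashing table, Possibly for HMAC-SHA256 in the HMAC table) and for AES-GCM (a bare "?" while every other mode is No). For symmetric ciphers and hash functions the quantum question is about key length and output length, not about mode of operation or hash family: Grover's algorithm roughly halves effective key and preimage security, so a 256-bit key or output is the usual threshold, and a 224-bit SHA-3 output should not be rated above SHA-256. Suggest stating that rule once, applying it to every row, and removing the column from the AES Modes table entirely, since the mode has no bearing on it. Three further points on the added text. First, the Encryption Algorithms table and item 5 describe Hash-Based Cryptography as "A type of asymmetric encryption", but the examples given in the explanation table, SPHINCS and LMS, are signature schemes; that row belongs under signatures or the wording should say "signature scheme". Second, the HMAC table calls HMAC-SHA1 "Considered weak due to vulnerabilities in SHA-1", whereas the removed table rated HMAC-SHA-1 as Acceptable with HMAC-SHA-256 as the alternative; HMAC's security does not rest on collision resistance, so either justify the downgrade or soften it to "deprecated for new designs". Relatedly, "no longer considered secure against well-funded attackers" understates MD5 and SHA-1: practical collisions for both are public, so "collision resistance is broken" is the accurate phrasing. Third, the rewrite removes the Avoid/Legacy/Acceptable/NGE status and Alternative columns, and with them every mention of DES, 3DES and RC4 and of the DH/RSA/DSA key-size guidance, which was the most actionable content on the page; consider carrying a status/alternative column into the new tables rather than replacing guidance with a quantum-readiness flag alone. Minor: "The folloing table that compares" should read "The following table compares", and the "Cryptographic Algorithms Explanation" heading covers only the post-quantum families and would be clearer titled as such.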