Encryption

AES

AES: Advanced Encryption Standard.

successor of Data Encryption Standard (DES)
symmetric-key algorithm
can be accelerated by hardware (like graphics can be accelerated by GPU), supported by instruction set extensions in Intel Core i3/i5/i7, AMD Ryzen CPUs, ARMv8.

AEAD

AE: Authenticated Encryption.
AEAD: Authenticated Encryption with Associated Data.

AEAD: authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy.

AEAD vs MAC:

AEAD: encrypts data and ensures the authenticity.
MAC: does not encrypt, but ensures that data is authentic.

MAC

MAC: message authentication code. (A.k.a a tag)
HMAC: hash-based message authentication code, using a cryptographic hash function like SHA-3, which results in a name like HMAC-SHA3-256.

Purpose: confirm (1) the message came from the stated sender (2) the message has not been changed.

Cryptographic hash function

Or Message Digest

transform a sequence of bits into a fixed sequence of bits.
a one-way, non-invertible function

Input and output:

input data: message(any string)
output: message digest(the hash value).

Methods: (SHA = Secure Hash Algorithm)

SHA-1 (1995): 160-bit (20-byte). Deprecated. All major browsers stopped accepting SHA-1 SSL certificates by 2017.
SHA-2 (2001): a family of six hash functions, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 (numbers are num of bits).
SHA-3 (2015): SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHAKE128, SHAKE256
MD5: 128bit, used as a checksum to verify data integrity, but only against unintentional corruption.

Notes:

SHA-224 and SHA-256 share the same specification, but use different initial hash values, and the final hash value is truncated to 224 bits for SHA-224.
similar to SHA-512, SHA-384, SHA-512/224 and SHA-512/256, except that the final hash value is truncated to 224 bits for SHA-512/224, 256 bits for SHA- 512/256 or 384 bits for SHA-384.
SHA-256 is faster on 32-bit hardware

Hash functions vs keys

Hash functions have no key. A hash function is an executable algorithm which is pure code. There is one SHA-1 and everybody uses the same.

Asymmetric cryptography

Asymmetric cryptography uses key pairs: a public key, and a private key.

2 use cases:

Sign: Private key signs (produces a hash value of the message) => public key verify signatures.
Encrypt: Public key encrypts => private key decrypts.

A private key of a key pair may be used either to:

Decrypt a message only intended for the recipient, which may be encrypted by anyone having the public key (asymmetric encrypted transport).
Encrypt a message which may be decrypted by anyone, but which can only be encrypted by one person; this provides a digital signature.

The public key is mathematically related to the private key, but given sufficient key length, it is computationally impractical to derive the private key from the public key.

The public key is comprised of a string of random numbers and can be used to encrypt a message. Only the intended recipient can decipher and read this encrypted message and it can only be deciphered and read by using the associated private key, which is also made of a long string of random numbers.

This private key is secret and is known only to the recipient. As the public key is published for all the world to see.

Can public and private keys be swapped?

Mathematically, yes.

RSA has three important components: a public exponent + a private exponent + a common modulus.

public key = public exponent + modulus
private key = private exponent + modulus

An RSA key pair is a number n which is the product of two large probable primes p and q, and a pair of numbers (d, e) such that d × e - 1 is a multiple of (p - 1) × (q - 1). The numbers d and e are known as exponents. d and e symmetrically. The public key is the pair of numbers (n, e) and the private key is the pair of numbers (n, d).

In practice, the public exponent is almost always 65537 (or 0x10001) -- the same value for every key. So only the modulus is unique. So they should not be swapped.

Adiantum

Most Android devices have hardware support for AES via ARMv8 Cryptography Extensions. However for low-end devices, this is not supported, AES is slow.

Adiantum is Google's solution, which uses uses a fast hash (NH + Poly1305) and a fast stream cipher (XChaCha12).

github.com/google/adiantum