Symmetric Encryption
Block and stream ciphers for confidentiality and authenticated encryption.
Available Symmetric Algorithms
AES-256
Advanced Encryption Standard with 256-bit key for maximum security.
- Key Size: 256 bits (32 bytes)
- Block Size: 128 bits (16 bytes)
- Rounds: 14
- Use Cases: Global standard, hardware acceleration, NIST approved
ChaCha20
High-speed stream cipher with excellent software performance.
- Key Size: 256 bits (32 bytes)
- Nonce Size: 96 bits (12 bytes)
- Counter: 32 bits
- Use Cases: TLS 1.3, mobile devices, software-only environments
ChaCha20-Poly1305
Authenticated encryption combining ChaCha20 stream cipher with Poly1305 MAC.
- Key Size: 256 bits (32 bytes)
- Nonce Size: 96 bits (12 bytes)
- Tag Size: 128 bits (16 bytes)
- Use Cases: TLS 1.3, VPN protocols, authenticated encryption
ARIA-256
Korean standard block cipher with 256-bit key support.
- Key Size: 256 bits (32 bytes)
- Block Size: 128 bits (16 bytes)
- Rounds: 16
- Use Cases: Korean government, international standards
Camellia-256
Japanese standard block cipher with strong security properties.
- Key Size: 256 bits (32 bytes)
- Block Size: 128 bits (16 bytes)
- Rounds: 24
- Use Cases: Japanese government, IETF protocols
Deoxys-II
CAESAR competition finalist with nonce-misuse resistance.
- Key Size: 256 bits (32 bytes)
- Nonce Size: 128 bits (16 bytes)
- Tag Size: 128 bits (16 bytes)
- Use Cases: High-security AEAD, nonce-reuse scenarios
Algorithm Comparison
| Algorithm | Type | Key Size | Security Level | Special Features |
|---|---|---|---|---|
| AES-256 | Block Cipher | 256 bits | 256 bits | Global standard, hardware support |
| ChaCha20 | Stream Cipher | 256 bits | 256 bits | High software performance |
| ChaCha20-Poly1305 | AEAD | 256 bits | 256 bits | Stream cipher + authentication |
| ARIA-256 | Block Cipher | 256 bits | 256 bits | Korean standard |
| Camellia-256 | Block Cipher | 256 bits | 256 bits | Feistel network |
| Deoxys-II | AEAD | 256 bits | 256 bits | Nonce-misuse resistant |
Modes of Operation
All block ciphers support multiple modes:
- ECB: Electronic Codebook (not recommended)
- CBC: Cipher Block Chaining
- CTR: Counter mode
- GCM: Galois/Counter Mode (authenticated)
- CCM: Counter with CBC-MAC (authenticated)
Selection Guide
- For Korean compliance: ARIA-256
- For Japanese compliance: Camellia-256
- For nonce-misuse resistance: Deoxys-II
- For general use: AES-256 (see main algorithms page)
- For authenticated encryption: Deoxys-II or ChaCha20-Poly1305
Security Considerations
- Always use authenticated encryption modes (GCM, CCM) when possible
- Never reuse nonces with the same key (except Deoxys-II)
- Use random IVs for CBC mode
- Implement proper key management and rotation