Signatures & Key Exchanges

  • Key Signatures
    • Single-part signature: Ed25519
    • Multi-part signature: Ed25519ph
  • Authenticated Encryption with Additional Data
    • Encrypts a message with a key and a nonce to keep it confidential
    • Computes an authentication tag. This tag is used to make sure that the message, as well as optional, non-confidential (non-encrypted) data, haven’t been tampered with.
    • Encryption: XChaCha20 stream cipher
    • Authentication: Poly1305 MAC
  • Key exchange – Shared Session Secret Keys
    • BLAKE2B-512
      • BLAKE2 is a cryptographic hash function faster than MD5, SHA-1, SHA-2, and SHA-3, yet is at least as secure as the latest standard SHA-3
      • Optimized for 64-bit platforms—including NEON-enabled ARMs—and produces digests of any size between 1 and 64 bytes
    • X25519 – Ephemeral Key Pair
      • Computes a shared secret between the sender and receiver, using the sender’s secret key and the receiver’s public key (or vice versa)