This post summarizes common (and some uncommon) encryption algorithms.

Some of them have been deprecated over the time. So if you are looking for one to implement, please check this.

## Cryptographic Systems

The cryptographic systems that are checked in this post are:

- Symmetric Key Cryptographic Systems
- Asymmetric Key Cryptographic Systems
- One-way Hash/Message Digest Algorithms

## Symmetric Key Cryptographic Systems

Symmetric Key Cryptographic Systems:

- Data Encryption Standard (DES)
- Triple DES (3DES)
- Advanced Encryption Standard (AES)
- Rivest Ciphers (RC) family
- RC4
- RC5
- RC6

- Blowfish
- Twofish
- International Data Encryption Algorithm (IDEA)
- Skipjack
- CAST family
- CAST-128
- CAST-256

- Serpent
- IDEA
- Salsa20 / ChaCha
- Grain 128a
- Camellia
- Kuznyechik

As of 2021, NIST recommends **AES**.

### Data Encryption Standard (DES)

*DEPRECATED*

It is vulnerable to brute-force attacks due to its limited key length (56-bit).

Withdrawn by NIST.

### Triple DES (3DES)

Proposed extension of DES standard that retains backward compatibility. It applies the DES cipher algorighm three times to each data block.

### Advanced Encryption Standard (AES)

Winner of the AES contest. It was originally known as **Rijndael** (pronounced “rain-dahl”).

Public algorithm that supports keys from 128 to 256 bits in size.

Recommended by NIST.

### RC Family

#### RC4

*DEPRECATED*

Stream-cipher often used in SSL/TLS protocol sessions.

It is used in the WLAN standard WEP.

#### RC5

#### RC6

### Blowfish

### Twofish

Developed by Bruce Schneier, the same as Blowfish.

It was finalist in the AES Contest.

The creator of Blowfish recommends Twofish over its own cypher.

### Skipjack

Skijack was approved by U.S. government as the Escrowed Encryption Standard (EES). It required escrow procedures within the U.S. Government.

### CAST family

It comes in two forms:

- CAST-128
- CAST-256

#### CAST-128

CAST-128 uses a maximum of key size of 128 bits.

#### CAST-256

CAST-256 uses a maximum of key size of 256 bits.

### Serpent

It was finalist in the AES Contest.

### International Data Encryption Algorithm (IDEA)

IDEA was intended as a replacement for DES.

It is incorporated in Pretty Good Privacy (PGP) v2.

Less common than the others.

### Salsa20 / ChaCha

**ChaCha** is an improvement of Salsa20.

### Grain 128a

Grain 128a was proposed in 2011.

### Camellia

Less common than the others.

Included in VeraCrypt software.

### Kuznyechik

Less common than the others.

Included in VeraCrypt software.

## Asymmetric Key Cryptographic Systems

Asymmetric Key Cryptographic Systems

- Rivest-Shamir-Adleman (RSA)
- Merkle-Hellman Knapsack
- Elliptic Curve Cryptography (ECC)
- Diffie-Hellman
- ElGamal
- Digital Signature Algorithm (DSA)
- Fortezza

**RSA** is the most popular asymmetric algorithm.

### Rivest-Shamir-Adleman (RSA)

The most popular asymmetric algorithm, and currently a worldwide standard.

Proposed in 1977 by Ronald Rivest, Adi Shamir and Leonard Adleman.

The main drawback lies in the length of the keys (between 1024 and 4096 bits) and the complexity of calculations for encoding and decoding.

RSA started with a patent on its algorithm, but it was released into the public domain in 2000.

### Merkle-Hellman Knapsack

*DEPRECATED*

It was published soon after RSA.

It was broken in 1984.

### Elliptic Curve Cryptography (ECC)

Published in 1985 independently by mathematicians Neal Koblitz (University of Washington, USA) and Victor Miller (IBM, USA).

It has higher speed at encrypting/decrypting with significantly shorter keys than other algorithms (between 256 and 512 bits). Providing the same level of protection, ECC keys are 12 times shorter than RSA.

Providing the same level of protection ECC double size of symmetric encryption keys.

Because of its lighter processing demands, it is used on mobile phones.

ECC depends on the elliptic curve discrete logarithm problem.

A variant is Elliptic Curve Digital Standard Algorithm (ECDSA), specified in ANSI X9.62. This algorithm is listed in Digital Signature Standard (DSS) by NIST.

RSA was released to the public domain in 2000.

### Diffie-Hellman

One of the earliest practical examples of public key exchanges.

### ElGamal

Published in 1985 by Egyptian Dr. Taher Elgamal, who worked then for Netscape.

It is an extension of Diffe-Hellman algorithm.

It did not obtain a patent, so it has always been in the public domain. Because of this, it was an patent-free alternative to RSA until 2000, when RSA was released into the public domain.

The ciphertext encrypted with this algorithm doubles the size of the plain text; this is considered one of its drawbacks.

### Digital Signature Algorithm (DSA)

It is specified by NIST in Federal Information Processing Standards (FIPS) 186-4, also known as Digital Signature Standard (DSS).

It is a variant of an algorithm by Taher Elgamal.

### Fortezza

Used by US Government.

## One-way Hash Functions

One-way hash or message digest algorithms:

- MD family
- MD2
- MD4
- MD5

- Secure Hash Algorithm (SHA) Family
- SHA-1

- SHA-2
- SHA-256
- SHA-384
- SHA-512

- SHA-3

- Whirlpool
- Streboog
- RIPEMD
- Hash of Variable Length (HAVAL)
- Hash Message Authentication Code (HMAC)
- PANAMA
- TIGER
- ADLER32
- CRC32

**SHA-2** is the standard, though **SHA-3** is more secure but more difficult to implement.

Ways to manage collision:

- Open Addressing
- Separate Chaining

### MD Family

#### MD2

*DEPRECATED*

#### MD4

*DEPRECATED*

#### MD5

*DEPRECATED*

### SHA Family

They are supported by NIST through the publication of Secure Hash Standard (SHS), also known as FIPS 180.

#### SHA-1

*DEPRECATED*

Developed by NSA. It has been substituted by its successor SHA-2.

#### SHA-2

SHA-2 contain different has functions, like SHA-256 (one of the most popular), SHA-384 and SHA-512.

Validated by NESSIE project and NSA.

#### SHA-3

SHA-3 has been announced by NIST in the event a successful attack is developed against SHA-2.

#### Whirlpool

Validated by NESSIE project and ISO.

#### RACE Integrity Primitives Evaluation Message Digest (RIPEMD)

RACE Integrity Primitives Evaluation Message Digest (RIPEMD) is a 160-bit hash algorithm developed by Hans Dobbertin, Antoon Bosselaers, and Bart Preneel. There exist 128, 256 and 320-bit versions of this algorithm, called RIPEMD-128, RIPEMD-256, and RIPEMD-320, respectively. These all replace the original RIPEMD, which was found to have collision issue. It does not follow any standard security policies or guidelines.

It is used on cryptocurrencies like BitCoin.

#### Hash of Variable Length (HAVAL)

*DEPRECATED*

Hash of Variable Length (HAVAL) is a modification of MD5.

HAVAL was broken in 2004.

#### Hash Message Authentication Code (HMAC)

Hash message authentication code (HMAC) is used in HMAC-based One-Time Password (HOTP) standard to create one-time passwords.

#### PANAMA

No info about this.

#### TIGER

No info about this.

#### ADLER32

No info about this.

#### CRC32

No info about this.

## Encryption Standards

### NIST’s Digital Signature Standard (DSA)

Digital Signature algorithms included in Digital Signature Standard (DSA), issued by NIST:

- Digital Signature Standard (DSA)
- Elliptic Curve Digital Signature Standard (ECDSA)
- RSA

### Federal Information Processing Standard (FIPS)

Within the NIST, there is the **Computer Security Resource Center (CSRC)**.

There is a series of publications issued by NIST CSRC that is called **Federal Information Processing Standard (FIPS)**. You can check the full list of FIPS series publications on this link.

**FIPS 140** series has the title “Security Requirements for Cryptographic Modules”. There are different version of this publication; as of October 2022, the latest is **FIPS 140-3**, that supersedes **FIPS 140-2**.

There are validation certificates for FIPS 140.

## You might be also interested in…

## External References

- VeraCrypt application
- HashCalc application; SlavaSoft
- “CISSP Official Study Guide Ninth Edition”, Mike Chaple, James Michael Stewart, Darril Gibson; Sybex; 2021; Chapter 6 “Cryptography and Symmetric Key Algorithms”, pp. 247-252
- “CISSP Official Study Guide Ninth Edition”, Mike Chaple, James Michael Stewart, Darril Gibson; Sybex; 2021; Chapter 7 “PKI and Cryptographic Applications”, pp. 264-271
- “CISSP Official Study Guide Ninth Edition”, Mike Chaple, James Michael Stewart, Darril Gibson; Sybex; 2021; Chapter 7 “PKI and Cryptographic Applications”, pp. 271-274

[…] Encryption algorithms […]