Cryptography

Public Key Cryptography:
Digital Signatures: encrypt a known data (nounce or message hash) with sender's private key
Certificate Authorities: a trusted third party that will digitally sign and publish the public key bound to a user or entity

Storing password

How To Safely Store A Password | codahale.com bcrypt
Secure Salted Password Hashing - How to do it Properly
The difference between Encryption, Hashing and Salting

Serious Security: How to store your users’ passwords safely – Naked Security
How Dropbox securely stores your passwords | Dropbox Tech Blog

scrypt - Wikiwand
bcrypt - Wikiwand
Salt (cryptography) - Wikiwand

PBKDF2 - Wikiwand
PBKDF2 Hashing Algorithm. Before moving into the PBKDF2 hashing… | by Nishothan Vettivel | Medium
https://www.ietf.org/rfc/rfc2898.txt

Argon2 - Wikiwand
P-H-C/phc-winner-argon2: The password hash Argon2, winner of PHC
How to enable Argon2 KDF in Bitwarden - gHacks Tech News

Implementation

openssl

The Linux Crypto API for user applications
This is slower than OpenSSL

Welcome to PyCryptodome’s documentation pycryptodome provides Crypto package (to replace PyCrypto), pycryptodomex provides Cryptodome package
Legrandin/pycryptodome: A self-contained cryptographic library for Python

emmansun/gmsm: ShangMi (SM) cipher suites for golang (Go语言商用密码软件)
tjfoc/gmsm: GM SM2/3/4 library based on Golang (基于Go语言的国密SM2/SM3/SM4算法库)
tjfoc/gmtls: GM TLS/SSL Based on Golang (基于国密算法的TLS/SSL代码库)

AES instruction set - Wikiwand

Key Exchange

End to End Encryption (E2EE) - Computerphile - YouTube
How Signal Instant Messaging Protocol Works (& WhatsApp etc) - Computerphile - YouTube

Secret Key Exchange (Diffie-Hellman) - Computerphile - YouTube
Diffie Hellman -the Mathematics bit- Computerphile - YouTube
Key Exchange Problems - Computerphile - YouTube
Double Ratchet Messaging Encryption - Computerphile - YouTube

Homomorphic Encryption

ciphertext that can be processed or analyzed

Homomorphic encryption - Wikiwand
Homomorphic Encryption: How It Works | Splunk
What Is Homomorphic Encryption?

3 Homomorphic Encryption Trends for 2025

Block Ciphers

contrast "stream ciphers", where encrypted strings are the same length as the plaintext

Symmetric-key algorithm - Wikiwand

Lecture3 Lecture 3: Block Ciphers and the Data Encryption Standard

Anatomy of a password disaster – Adobe’s giant-sized cryptographic blunder – Naked Security study of Adobe's leaked password database

Feistel Cipher - Computerphile - YouTube

Modes of operation

Block cipher mode of operation - Wikiwand

Block ciphers, as the name suggests, encrypts blocks. The methods of segmenting data into blocks is called "modes of operation".

Modes of Operation - Computerphile - YouTube
ECB: simply divides a message into 16 byte blocks, preserves pattern (for experts only: ECB should never be used except in some very specific cases)
CBC: first block XORed with Initialization Vector (IV) (nonce), every other block XORed with the ciphertext of the block preceding it; however this introduces dependency on previous block and encryption cannot be parallelized
CTR: uses counter and nounce (similar to IV) per block to allow each block to be encrypted concurrently

Authenticated encryption - Wikiwand protects against chosen ciphertext attack on decryption oracle
Authenticated Encryption in .NET with AES-GCM

AES

Advanced Encryption Standard - Wikiwand
Lecture 8: AES: The Advanced Encryption Standard
Protect your TCP tunnel by implementing AES encryption with Python [Tutorial] | Packt Hub

Crypto competitions: AES: the Advanced Encryption Standard
AES Explained (Advanced Encryption Standard) - Computerphile - YouTube
One Encryption Standard to Rule Them All! - Computerphile - YouTube
Almost All Web Encryption Works Like This (SP Networks) - Computerphile - YouTube

CTR mode, also known as Counter mode, is a stream cipher mode of AES encryption. With stream cipher encryption, it is not necessary to encrypt the plaintext in fixed blocks like AES in CBC mode, which encrypts data in 16-byte blocks. If the plaintext to be encrypted is smaller than the block size, padding is required to process a complete 16-byte block.

DES

Even Triple DES (3-DES) is not recommended

Commands

opessl openssl is for proof of concept

man enc  # show ciphers

# encryption
openssl aes-256-cbc -in attack-plan.txt -out message.enc

# decryption
openssl aes-256-cbc -d -in message.enc -out plain-text.txt

gpg

# encryption
gpg --cipher-algo AES256 --symmetric filename.tar.gz

# decryption
gpg --output filename.tar.gz --decrypt filename.tar.gz.gpg

AES Crypt
aescrypt

ShangMi SM4

SM4 (cipher) - Wikiwand

算法库 | openEuler文档 | openEuler社区 | v22.09 SM2/3/4 supported in OpenSSL

Stream Ciphers

Chacha Cipher

alternative to AES

Chacha Cipher - Computerphile - YouTube
ARX cipher: add, rotate, xor

Public Key Cryptography

Public-key cryptography - Wikiwand
Public Key crypto simply works with numbers. This means that any messages would have to be converted into a number before being encrypted.

RSA

RSA (cryptosystem) - Wikiwand
How does RSA work? – Hacker Noon

The RSA Encryption Algorithm (1 of 2: Computing an Example) - YouTube
The RSA Encryption Algorithm (2 of 2: Generating the Keys) - YouTube

Generate two large co-prime numbers, p and q.
Find n = pq and phi = (p-1) (q-1)
Select e such that 1 < e < phi, and e is coprime of phi
Find d, which is the multiplicative inverse of e modulo phi.
The couple (e, n) is the public key
The couple (d, n) is the private key
Ciphertext c = m^e mod n
Plaintext m = c^d mod n

Pretty Good Privacy (PGP) and Digital Signatures | Linux Journal

ECC

ShangMi SM2

A suite of authentication, encryption, and hash algorithms from the People's Republic of China.

SM2 Cryptography Algorithm: A public key crypto scheme based on elliptic curves. An overview of the specification, in Chinese, can be found in GM/T 0009-2012. Additional specifications can be found in:
- GB/T 32918.1-2016, Part 1: General
- GB/T 32918.2-2016, Part 2: Digital signature algorithm
- GB/T 32918.3-2016, Part 3: Key exchange protocol
- GB/T 32918.4-2016, Part 4: Public key encryption algorithm
- GB/T 32918.5-2017, Part 5: Parameter definition
  SM3 Cryptographic Hash Algorithm: A hash algorithm operating on 512-bit blocks to produce a 256-bit hash value. Described in GB/T 32905-2016.
SM4 Block Cipher Algorithm: A Feistel block cipher algorithm with a block length and key length of 128 bits, and 32 rounds. Described in GB/T 32907-2016.

An application of the ShangMi Cipher Suites in TLS can be found in RFC 8998.
国密SSL协议是什么？与标准TLS协议的区别- 沃通SSL证书!

Performance Evaluation and Comparison of Standard Cryptographic Algorithms and Chinese Cryptographic Algorithms
On the Design and Performance of Chinese OSCCA-approved Cryptographic Algorithms PDF

age

FiloSottile/age: A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Attribute-Based Encryption

A Gentle Introduction to Attribute-Based Encryption

Signature

What are Digital Signatures? - Computerphile - YouTube

Steganography

Steganography - Wikiwand
隐写术鉴赏 - YouTube

Outguess – Rbcafe
OutGuess - Wikiwand
resurrecting-open-source-projects/outguess: Universal steganographic tool

StegCloak
KuroLabs/stegcloak: Hide secrets with invisible characters in plain text securely using passwords 🧙🏻‍♂️⭐
How to Hide Secrets in Strings— Modern Text hiding in JavaScript | by Mohan Sundar | Bits and Pieces

resurrecting-open-source-projects/outguess: Universal steganographic tool

Homograph

Faux Cyrillic - Wikiwand
IDN homograph attack - Wikiwand

Zero-knowledge proof/ZKP

Zero-knowledge proof - Wikiwand
把問題和答案的關聯轉變成機率問題, 透過趨近無窮次的試驗，使猜對的機率趨近 0

Introduction | ZKDocs
trailofbits/zkdocs: Interactive documentation on zero-knowledge proof systems and related primitives.

Zero-Knowledge Proof (ZKP) — Explained | Chainlink
Zero-knowledge proofs explained in 3 examples

The Magic of Zero-Knowledge Proofs #SoME3 - YouTube

SNARKs
STARKs
Bulletproofs
Folding Schemes
Lookup

Zero Knowledge Proofs - YouTube
神奇的零知识证明！既能保守秘密，又让别人信你！ - YouTube

zkVMs

The different types of ZK-EVMs

The Evolution of Rust inside zkVMs - Erik Kadena | RISC Zero - YouTube
Zeroing into zkVMs — Taiko Labs

Post-quantum

Post-quantum cryptography - Wikiwand
后量子密码学 - Wikiwand

Understanding Post-Quantum Cryptography | Entrust
Post-quantum Cryptography (PQC): New Algorithms for a New Era - Rambus
How to prepare for post quantum cryptography | McKinsey
What are quantum-resistant algorithms—and why do we need them? | MIT Technology Review

Shor's algorithm - Wikiwand
How Quantum Computers Break Encryption | Shor's Algorithm Explained - YouTube

Algorithms

Post-Quantum Cryptography | CSRC

Lattice-based cryptography - Wikiwand
Multivariate cryptography - Wikiwand
Hash-based cryptography - Wikiwand
Code-based cryptography
Isogeny-based cryptography
Symmetric key quantum resistance

PQ3 adopted by Apple

CRYSTALS hard problems over module lattices, learning with errors (LWE)

Public Key Encryption + Key encapsulation mechanism
BIKE - Bit Flipping Key Encapsulation QC-MDPC (Quasi-Cyclic Moderate Density Parity-Check)
Classic McEliece: Intro binary Goppa codes
FrodoKEM LWE
HQC Syndrome decoding of structure codes (Hamming Quasi-Cyclic)
Kyber hard problems over module lattices, LWE
NTRU Prime: Intro NTRU lattice

Stateless Signature
CROSS crypto random linear code
Dilithium
Falcon NTRU lattice
MAYO multivariable quadratic equations
SPHINCS+ hash-based signatures

Stateful Signature
RFC 8391 - XMSS: eXtended Merkle Signature Scheme hash-based signatures
XMSS/xmss-reference: Repository for the XMSS reference code, accompanying RFC 8391, XMSS: eXtended Merkle Signature Scheme
RFC 8554 - Leighton-Micali Hash-Based Signatures LMS, hash-based signatures
cisco/hash-sigs: A full-featured implementation of of the LMS and HSS Hash Based Signature Schemes from draft-mcgrew-hash-sigs-07.