Encryption Algorithms


XChaCha20 is a stream cipher based on ChaCha20 but with an extended nonce. ChaCha20 is based on the Salsa20 cipher (see below) but has improved security and performance.

XChaCha20 uses 20 rounds and a 192-bit nonce, whereas ordinary ChaCha20 uses a 64-bit nonce. ChaCha20 is immune to timing attacks.


XSalsa20 is a stream cipher based on Salsa20 but with an extended nonce. Salsa20 uses 20 rounds and a 64-bit nonce, whereas XSalsa20 uses a 192-bit nonce. Salsa20 is immune to timing attacks.


The Advanced Encryption Standard (AES) is a variant of the Rijndael block cipher. AES uses 14 rounds with a 256-bit key and has a block size of 128-bits. AES is the most popular symmetric encryption algorithm and has had extensive cryptanalysis since its creation.

AES can be used in various modes of operation such as CBC mode, which is outlined below. Some implementations of AES are suspectible to side-channel attacks such as timing attacks.


Cipher Block Chaining (CBC) mode is a block cipher mode where each block of plaintext is XORed with the previous ciphertext block before being encrypted.

AES-CBC requires padding using a padding scheme such as PKCS7 or ISO10126. AES-CBC is recommended by the cryptographers Bruce Schneier and Niels Ferguson.

Libsodium Sealed Boxes (Curve25519, XSalsa20-Poly1305)

Curve25519 is one of the fastest elliptic curves and provides 128-bit security. Curve25519 is used for asymmetric encryption in varaious end-to-end encrypted messaging applications such as the Signal protocol as well as internet protocols like TLS. Curve25519 is immune to timing attacks.

XSalsa20-Poly1305 is the authenticated version of XSalsa20 that uses Poly1305 as a MAC to verify the authenticity of a message.

To read more about the libsodium Sealed Boxes construction click here.