Nonce-misuse-resistant authenticated encryption. Systems where nonce uniqueness cannot be guaranteed — distributed systems, cloud KMS, at-rest encryption.

2 sources·Standards-backedAsk →

ARIA-256Korean Standard KS X 1213Acceptable (constrained)

ARIA·🇰🇷 South KoreaApril 2026

Korean government and financial systems.

2 sources·Standards-backedAsk →

Camellia-256CRYPTREC / ISO / IETFAcceptable (constrained)

Camellia·🇯🇵 JapanApril 2026

Japanese government, TLS suites, NESSIE-approved applications.

2 sources·Standards-backedAsk →

ChaCha20-Poly1305IETF RFC 8439Recommended default

matureIETFPQ-ready

ChaCha·🇺🇸 United StatesApril 2026

Authenticated encryption without AES hardware. Mobile, TLS 1.3 fallback, WireGuard.

1 source·Standards-backedAsk →

KuznyechikGOST R 34.12-2015Acceptable (constrained)

GOST·🇷🇺 RussiaApril 2026

Russian government and military systems.

2 sources·Standards-backedAsk →

SM4GB/T 32907 / ISO 18033-3Acceptable (constrained)

SM4·🇨🇳 ChinaApril 2026

Chinese government, banking, wireless LAN (WAPI).

2 sources·Standards-backedAsk →

SNOW-V3GPP / ISO/IEC 18033-4Acceptable (constrained)

SNOW·🇸🇪 SwedenApril 2026

5G confidentiality and integrity (3GPP). High-throughput stream encryption. Successor to SNOW 3G used in 4G/LTE.

4 sources·Standards-backedAsk →

XChaCha20-Poly1305IETF Draft / libsodiumRecommended default

establishedIETFPQ-ready

ChaCha·🇺🇸 United StatesApril 2026

File/at-rest encryption needing random nonces safely. libsodium default.

2 sources·Standards-backedAsk →

References & terminology

Source links and definitions for the algorithms currently visible in the results grid.

9 Visible results19 Unique sources13 Curated demos

Terminology guide

Classical security

Estimated resistance against the best known non-quantum attacks, usually expressed in bits of work.

PQ security

Expected security if a cryptographically relevant quantum computer exists. Zero means Shor's algorithm breaks it outright.

KEM

A key encapsulation mechanism: public-key crypto used to establish a shared secret for later symmetric encryption.

AEAD

Authenticated encryption with associated data. It encrypts data and detects tampering in one construction.

MAC

A message authentication code. It proves integrity and key possession, but not public verifiability like a signature.

KDF

A key derivation function. It turns existing secret material into new, purpose-separated keys.

Forward secrecy

Past sessions stay confidential even if a long-term private key is later compromised.

Trusted setup

A setup ceremony some proof systems require. If it is compromised, proofs may be forgeable.

Threshold

A scheme where some minimum number of parties or shares is required before a secret or signature can be reconstructed.

Constant-time

Implementation discipline that avoids data-dependent timing differences which could leak secrets.

Demo links

AEGIS Gate

AES-256-GCM

AEAD walkthrough comparing nonce handling and throughput tradeoffs in modern authenticated encryption.

AES Modes

AES-256-GCM

Compares ECB, CBC, CTR, GCM, and CCM with attack demos and mode visualizations.

Ascon

ChaCha20-Poly1305

Lightweight cryptography lab covering AEAD, hashing, and constrained-device design tradeoffs.

Biham Lens

AES-256-GCM

Classical cryptanalysis intuition builder for block-cipher style systems.

ChaCha20 Stream

ChaCha20-Poly1305

Quarter-round stepper, keystream visualizer, nonce-reuse demo, and encrypt/decrypt playground.

ChaCha20 Stream

XChaCha20-Poly1305

Quarter-round stepper, keystream visualizer, nonce-reuse demo, and encrypt/decrypt playground.

Dead Sea Cipher

AES-256-GCM

Historical cipher lab for context on modern symmetric design goals.

Format Ward

AES-256-GCM

Format-preserving encryption playground for structured fields and tokens.

Iron Serpent

AES-256-GCM

Applied symmetric-encryption lab for key/nonce discipline in real workflows.

Nonce Guard

ChaCha20-Poly1305

Demonstrates nonce-misuse failures and how modern AEAD usage avoids them.

Padding Oracle

AES-256-GCM

Shows why authenticated encryption closes oracle-style decryption side channels.

Shadow Vault

XChaCha20-Poly1305

Applies XChaCha20-Poly1305 in a deniable-encryption workflow.

World Ciphers

AES-256-GCM

Cipher family comparison with design and deployment tradeoff context.

Source references

3GPP TS 35.216

SNOW 3G specification for 4G/LTE confidentiality.

Chinese national standard for SM4 block cipher.

Used by SM4

GOST R 34.12-2015

Russian national standard defining Kuznyechik block cipher.

Used by Kuznyechik

Gueron & Lindell 2015

AES-GCM-SIV construction and security analysis.

Used by AES-256-GCM-SIV

IETF Draft

IRTF draft for XChaCha20-Poly1305.

Used by XChaCha20-Poly1305

ISO/IEC 18033-4

International standard for stream ciphers including SNOW 2.0.

Used by SNOW-V

KS X 1213

Korean national standard for block cipher.

Used by ARIA-256

libsodium docs

Nonce-extension construction used in major implementations.

Used by XChaCha20-Poly1305

NIST FIPS 197

AES block cipher specification.

Used by AES-256-GCM

NIST SP 800-38D

GCM mode of operation specification.

Used by AES-256-GCM

RFC 3713

Camellia cipher specification.

Used by Camellia-256

RFC 5794

ARIA cipher specification.

Used by ARIA-256

RFC 7801

GOST R 34.12-2015 block cipher (Kuznyechik).

Used by Kuznyechik

RFC 8439

Specifies ChaCha20-Poly1305 construction and limits.

Used by ChaCha20-Poly1305

RFC 8452

AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption.

Used by AES-256-GCM-SIV

RFC 8998

ShangMi cipher suites for TLS 1.3.

Used by SM4

SNOW-V specification

Johansson & Yang, 2021. SNOW-V design for 5G.

Used by SNOW-V

snow2 (demo)

Modern Rust steganography tool using SNOW-inspired naming with XChaCha20-Poly1305.

Used by SNOW-V