Technical Glossary
Symmetric Encryption
A cryptographic method in which the same secret key is used for both encryption and decryption of data, which means the key itself must be exchanged securely between the communicating parties. Symmetric algorithms such as AES, ChaCha20, and Triple DES provide high-throughput data confidentiality with lower computational overhead than asymmetric schemes. Block ciphers run in modes of operation such as CBC, CTR, and GCM that determine how plaintext blocks are processed and chained; CBC and CTR provide confidentiality only and must be paired with a separate MAC, whereas GCM also authenticates the data. NIST FIPS 197 standardizes AES as the approved symmetric encryption algorithm for protecting sensitive government and commercial information.
Asymmetric (Public-Key) Cryptography
A cryptographic system built on mathematically linked key pairs, a public key used for encryption or signature verification and a private key used for decryption or signing, which enables secure communication without a previously shared secret. Asymmetric algorithms including RSA, ECDSA, and EdDSA form the foundation of digital signatures, key exchange protocols, and certificate-based authentication systems. Their security rests on the computational hardness of problems such as integer factorization and the discrete logarithm. NIST SP 800-56A and IETF RFC 8032 define standard practices for asymmetric key agreement and digital signature implementations respectively.
Elliptic Curve Cryptography (ECC)
A public-key cryptographic approach based on the algebraic structure of elliptic curves over finite fields, providing security comparable to RSA at significantly smaller key sizes. ECC enables efficient digital signatures, key agreement, and encryption operations that are particularly suited to resource-constrained environments and blockchain transaction signing. Standard curves including secp256k1, P-256, and Curve25519 are widely deployed across cryptocurrency platforms and TLS implementations. NIST SP 800-186 and the SEC 2 specification define recommended elliptic curve parameters and domain standards.
Key Derivation Function (KDF)
A cryptographic algorithm that derives one or more secret keys from a shared secret, password, or other initial keying material using a pseudorandom function, typically with a salt and, for password-based variants, an iteration or cost parameter. Password-based KDFs such as PBKDF2 and scrypt slow brute-force guessing through iteration counts and memory-hardness, while HKDF expands already-strong keying material into independent, purpose-bound keys. KDFs are essential components of hierarchical deterministic wallet generation, password hashing, and key scheduling in cryptographic protocols. NIST SP 800-108 and SP 800-132 standardize key derivation methodologies for federal information systems and commercial applications.
Digital Signature
A cryptographic scheme for verifying the authenticity, integrity, and non-repudiation of digital messages or documents using asymmetric key pairs. A digital signature algorithm produces a signature with the signer's private key that anyone holding the corresponding public key can verify, giving both tamper detection and origin authentication. Variants including ECDSA, EdDSA, and Schnorr signatures offer different performance and security trade-offs for blockchain transaction authorization. FIPS 186-5 and IETF RFC 6979 define standardized signature generation and deterministic nonce derivation procedures.
Post-Quantum Cryptography (PQC)
A branch of cryptographic research focused on developing algorithms that remain secure against both classical and quantum computational attacks, in particular Shor's algorithm, which threatens current RSA and ECC schemes. PQC candidate families include lattice-based, hash-based, code-based, and multivariate polynomial constructions that resist known quantum algorithmic advantages. NIST completed its post-quantum standardization process by selecting CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures as primary standards, published in 2024 as ML-KEM (FIPS 203) and ML-DSA (FIPS 204). Migration to post-quantum algorithms is critical for maintaining long-term confidentiality and integrity, since encrypted traffic recorded today can be decrypted once a sufficiently large quantum computer exists.
Homomorphic Encryption (HE)
An encryption paradigm that allows computation on ciphertext without decryption, producing results that, once decrypted, match the output of the same operations performed on the corresponding plaintext. Fully homomorphic encryption schemes allow arbitrary computations on encrypted data, enabling privacy-preserving analytics, secure multi-party computation, and confidential smart contract execution. Current implementations carry significant computational overhead, though hardware acceleration and algorithmic optimizations are steadily improving practical performance. ISO/IEC 18033 and research published through IEEE explore HE construction frameworks, security proofs, and application architectures.
Secure Multi-Party Computation (MPC)
A cryptographic protocol framework that lets multiple parties jointly compute a function over their private inputs while guaranteeing that no party learns anything beyond the output and its own input. MPC techniques including garbled circuits, secret sharing, and oblivious transfer provide provable security against semi-honest and malicious adversaries. Applications in cryptographic systems include distributed key generation, threshold signatures, and privacy-preserving auction mechanisms. Research published through ACM and IEEE examines MPC efficiency improvements, composability frameworks, and real-world deployment architectures.
HMAC (Hash-based Message Authentication Code)
A cryptographic construction that combines a secret key with a cryptographic hash function to produce a message authentication code, providing both data integrity verification and authentication of the message origin. HMAC hashes the message together with the key XORed with an inner pad, then hashes that digest together with the key XORed with an outer pad, producing a fixed-size tag; this nested construction is what makes it immune to the length-extension attacks that affect a plain H(key || message). It is widely deployed in API authentication, session token generation, TLS record protection, and blockchain node communication protocols. IETF RFC 2104 and NIST FIPS 198-1 define the standardized HMAC construction and the approved underlying hash functions.
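To make the nested construction in the entry above concrete, here is an added example (not code from the original glossary) that builds HMAC-SHA-256 from the inner and outer pads by hand, checks it against RFC 4231 test case 1 and against the standard library, and then uses the standard library's HMAC to sign and verify an API request. The request-signing format (length-prefixed method, path, and body) and the function names are assumptions made for this example.

```python
import hashlib
import hmac as stdlib_hmac


def hmac_from_scratch(key: bytes, message: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC as defined in RFC 2104 / FIPS 198-1:

        HMAC(K, m) = H((K' XOR opad) || H((K' XOR ipad) || m))

    K' is the key hashed down to digest size if it exceeds the hash block size,
    then zero-padded up to the block size. ipad is 0x36 repeated, opad is 0x5C repeated.
    """
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for SHA-256
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    inner_key = bytes(b ^ 0x36 for b in key)
    outer_key = bytes(b ^ 0x5C for b in key)
    inner_digest = hashlib.new(hash_name, inner_key + message).digest()
    return hashlib.new(hash_name, outer_key + inner_digest).digest()


def matches_stdlib(key: bytes, message: bytes) -> bool:
    """Cross-check the hand-built construction against hmac.new for the same inputs."""
    return hmac_from_scratch(key, message) == stdlib_hmac.new(key, message, "sha256").digest()


# RFC 4231 test case 1 for HMAC-SHA-256.
RFC4231_CASE1_KEY = bytes.fromhex("0b" * 20)
RFC4231_CASE1_DATA = b"Hi There"
RFC4231_CASE1_TAG = bytes.fromhex(
    "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7"
)


def sign_request(key: bytes, method: str, path: str, body: bytes) -> bytes:
    """Hypothetical API request tag. Each field is length-prefixed so that moving bytes
    from one field to another (e.g. from the path into the body) changes the tagged
    message instead of leaving it unchanged."""
    canonical = b"".join(
        len(part).to_bytes(4, "big") + part
        for part in (method.encode(), path.encode(), body)
    )
    return stdlib_hmac.new(key, canonical, "sha256").digest()


def verify_request(key: bytes, method: str, path: str, body: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time. compare_digest does not stop at
    the first differing byte, so its timing reveals nothing about the expected tag."""
    expected = sign_request(key, method, path, body)
    return stdlib_hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    assert hmac_from_scratch(RFC4231_CASE1_KEY, RFC4231_CASE1_DATA) == RFC4231_CASE1_TAG
    key = b"constructed demo key"
    tag = sign_request(key, "POST", "/v1/transfer", b'{"amount": 10}')
    print("valid:", verify_request(key, "POST", "/v1/transfer", b'{"amount": 10}', tag))
    print("tampered:", verify_request(key, "POST", "/v1/transfer", b'{"amount": 99}', tag))
```

The hand-built version exists only to show the structure; production code should call `hmac.new` and `hmac.compare_digest` as `sign_request` and `verify_request` do.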
Threshold Cryptography
A cryptographic scheme in which a private key is distributed among multiple participants such that a minimum threshold number of shares must cooperate to perform a cryptographic operation, while any set of shares below the threshold reveals no useful information. Threshold schemes built on Shamir Secret Sharing and Feldman Verifiable Secret Sharing enable distributed key management without a single point of failure. These systems provide enhanced security for cryptocurrency custody, multi-signature wallets, and decentralized validator coordination. IEEE and ACM publications explore threshold ECDSA implementations, proactive secret sharing, and distributed key generation protocols.
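The following is an added example (not code from the original glossary) of Shamir Secret Sharing over a prime field, the building block named in the entry above. Besides splitting and recovering, it includes a small check that makes the threshold property visible: with fewer than the threshold number of shares, every candidate secret is equally consistent with what the holders see. The field prime and the helper names are choices made for this example.

```python
import secrets

# Prime field for share arithmetic: 2^127 - 1 (a Mersenne prime). Secrets up to 126 bits fit.
PRIME = (1 << 127) - 1


def _interpolate_at(points, x, p=PRIME):
    """Lagrange interpolation over GF(p): the value at x of the unique polynomial of
    degree < len(points) that passes through the given (x_i, y_i) points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % p
                den = den * (xi - xj) % p
        total = (total + yi * num * pow(den, -1, p)) % p
    return total


def split_secret(secret, threshold, share_count, p=PRIME):
    """Shamir split: the secret is the constant term of a random polynomial of degree
    threshold-1, and share i is the point (i, f(i)). Index 0 is never issued as a share
    because f(0) is the secret itself."""
    if not 1 <= threshold <= share_count:
        raise ValueError("need 1 <= threshold <= share_count")
    if not 0 <= secret < p:
        raise ValueError("secret must be an integer in [0, p)")
    coeffs = [secret] + [secrets.randbelow(p) for _ in range(threshold - 1)]

    def f(x):
        acc = 0
        for c in reversed(coeffs):  # Horner's rule
            acc = (acc * x + c) % p
        return acc

    return [(x, f(x)) for x in range(1, share_count + 1)]


def recover_secret(shares, p=PRIME):
    """Any `threshold` or more distinct shares determine f, and f(0) is the secret."""
    return _interpolate_at(shares, 0, p)


def consistent_with_candidate(shares, candidate, threshold, p=PRIME):
    """Could `candidate` be the secret, given these shares?

    Pin a degree threshold-1 polynomial through (0, candidate) and threshold-1 of the
    shares, then test whether the remaining shares lie on it. With fewer than
    `threshold` shares nothing is left to test, so every candidate is consistent: the
    shares carry no information about the secret at all.
    """
    pinned = [(0, candidate)] + list(shares[: threshold - 1])
    return all(_interpolate_at(pinned, x, p) == y for x, y in shares[threshold - 1 :])


if __name__ == "__main__":
    secret = int.from_bytes(b"constructed key", "big")  # 15 bytes, fits the field
    shares = split_secret(secret, threshold=3, share_count=5)
    print("recovered from 3 of 5:", recover_secret(shares[1:4]) == secret)
    print("2 shares consistent with a wrong guess:", consistent_with_candidate(shares[:2], 4242, 3))
    print("3 shares consistent with a wrong guess:", consistent_with_candidate(shares[:3], 4242, 3))
```

Feldman's scheme adds commitments to the polynomial coefficients so that each holder can verify its share is genuine; that step is not shown here, and real deployments also need to protect share transport and storage, which plain Shamir sharing says nothing about.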
Authenticated Encryption with Associated Data (AEAD)
A symmetric encryption mode that provides confidentiality, integrity, and authenticity of data in a single cryptographic operation, producing both ciphertext and an authentication tag, and that can additionally authenticate unencrypted associated data such as headers. AEAD algorithms such as AES-GCM and ChaCha20-Poly1305 remove the need to combine encryption and MAC constructions by hand, avoiding the subtle composition vulnerabilities that arise when doing so. Both require a nonce that is never repeated under the same key; nonce reuse in AES-GCM breaks authenticity as well as confidentiality. These schemes are mandatory in TLS 1.3 and in the secure communication protocols used across cryptographic platforms. NIST SP 800-38D and IETF RFC 5116 define standardized AEAD interfaces and approved algorithm specifications.
Cryptographically Secure Pseudorandom Number Generator (CSPRNG)
A mechanism for generating sequences of numbers or bits that are computationally indistinguishable from truly random output, providing the entropy foundation for key generation, nonce creation, and protocol security. CSPRNGs seed a deterministic algorithm from hardware entropy sources and produce output that remains unpredictable even to an attacker who has observed earlier outputs. Insufficient randomness in key or nonce generation has led to catastrophic vulnerabilities in blockchain wallets and signature schemes. NIST SP 800-90A defines the approved deterministic random bit generator constructions CTR_DRBG, Hash_DRBG, and HMAC_DRBG.
Verifiable Delay Function (VDF)
A cryptographic primitive that requires a specified amount of sequential computation time to evaluate but produces a result that any party can verify in significantly less time. VDFs provide provable time-delay guarantees that cannot be shortened through parallelism, which makes them valuable for randomness beacons, leader election protocols, and preventing front-running in blockchain systems. Constructions based on groups of unknown order and repeated squaring provide the mathematical foundation for practical VDF implementations. Research from IEEE and the Stanford Cryptography Lab has advanced VDF efficiency, security proofs, and integration into consensus protocols.
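The repeated-squaring core of the entry above, as an added example that is not part of the original glossary: evaluating y = x^(2^t) mod N takes t squarings that each depend on the previous one, so more cores do not help. The example also shows why the group order must be unknown: whoever knows φ(N) can reduce the exponent and skip the delay. The modulus here is built from two known primes purely so the shortcut can be demonstrated; a deployable VDF uses a modulus or class group with no known trapdoor and adds a succinct proof (for example Wesolowski's or Pietrzak's) so that verifiers can check the result quickly without any trapdoor, which this example does not include.

```python
import math

# Constructed demo modulus: the product of two known primes, 2^31 - 1 and 2^61 - 1.
# Knowing the factors gives the trapdoor phi(N); a real VDF group must have no such trapdoor.
P = (1 << 31) - 1
Q = (1 << 61) - 1
N = P * Q
PHI = (P - 1) * (Q - 1)


def sequential_squarings(x: int, t: int, n: int = N) -> int:
    """Evaluate y = x^(2^t) mod n by t squarings in a row.

    Each squaring needs the previous result, so the work cannot be split across
    processors: this loop is the inherently sequential delay.
    """
    y = x % n
    for _ in range(t):
        y = y * y % n
    return y


def trapdoor_evaluate(x: int, t: int, n: int = N, phi: int = PHI) -> int:
    """With the group order known, reduce the exponent first.

    2^t mod phi(n) is cheap to compute, and one modular exponentiation then replaces
    the t sequential squarings (Euler's theorem, valid for x coprime to n).
    """
    if math.gcd(x, n) != 1:
        raise ValueError("x must be coprime to n")
    return pow(x, pow(2, t, phi), n)


def squarings_agree(x: int, t: int) -> bool:
    """Check that the slow path and the trapdoor path give the same result."""
    return sequential_squarings(x, t) == trapdoor_evaluate(x, t)


if __name__ == "__main__":
    x, t = 3, 20000
    print("slow path == trapdoor path:", squarings_agree(x, t))
```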
Oblivious Transfer (OT)
A fundamental cryptographic protocol in which a sender transfers information to a receiver without learning which piece of information the receiver obtained. One-out-of-N oblivious transfer lets the receiver select exactly one of N messages while the sender learns nothing about the selection and the receiver learns nothing about the other N-1 messages, providing the basis for more complex privacy-preserving protocols. OT serves as a building block for secure multi-party computation, private information retrieval, and zero-knowledge proof systems. ACM and IEEE publications examine OT extension techniques that amortize the cost of a small number of base OTs across many transfers in large-scale deployments.
Side-Channel Attack
A class of attacks that extract cryptographic secrets by analyzing physical characteristics of an implementation rather than weaknesses in the algorithm, using observable phenomena such as timing variations, power consumption, electromagnetic emissions, and acoustic signals. Side-channel attacks including differential power analysis, cache-timing attacks, and fault injection can compromise hardware wallets, secure enclaves, and cryptographic accelerators used in digital asset platforms. Countermeasures include constant-time implementations (no secret-dependent branches or memory accesses), masking, blinding, and hardware isolation. NIST and IEEE have published extensive guidance on side-channel resistance evaluation methodologies and mitigation strategies for cryptographic implementations.
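As an added example (not code from the original glossary) of the constant-time countermeasure named in the entry above, the code below contrasts an early-exit byte comparison with a branch-free one. Instead of measuring wall-clock time, which is noisy in an interpreted language, each function reports how many bytes it examined; the early-exit version's work grows with the number of correctly guessed leading bytes, which is exactly the signal a remote timing attack on tag verification measures, while the constant-time version always does the same work. `work_profile` and the function names are constructs of this example; production code should use `hmac.compare_digest`, shown in `verify_tag`.

```python
import hmac


def early_exit_compare(a: bytes, b: bytes):
    """Naive comparison. Returns (equal, bytes_examined).

    It stops at the first mismatch, so the amount of work, and therefore the time taken,
    reveals how many leading bytes of the guess were correct.
    """
    if len(a) != len(b):
        return False, 0
    examined = 0
    for x, y in zip(a, b):
        examined += 1
        if x != y:
            return False, examined
    return True, examined


def constant_time_compare(a: bytes, b: bytes):
    """Branch-free comparison. Returns (equal, bytes_examined).

    Every byte pair is XORed and OR-accumulated; the loop never exits early and no
    branch depends on the data until the final equality test, so the work does not
    depend on where the inputs differ. Comparing lengths first is fine for fixed-size tags.
    """
    if len(a) != len(b):
        return False, 0
    acc = 0
    examined = 0
    for x, y in zip(a, b):
        acc |= x ^ y
        examined += 1
    return acc == 0, examined


def work_profile(compare, tag: bytes):
    """For each position i, compare `tag` against a guess that is correct up to byte i
    and wrong at byte i, and return how many bytes were examined for each guess."""
    profile = []
    for i in range(len(tag)):
        guess = tag[:i] + bytes([tag[i] ^ 0x01]) + tag[i + 1 :]
        _, examined = compare(tag, guess)
        profile.append(examined)
    return profile


def verify_tag(expected: bytes, received: bytes) -> bool:
    """What production code should call: the standard library's constant-time comparison."""
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    tag = bytes(range(16))  # constructed 16-byte tag
    print("early exit :", work_profile(early_exit_compare, tag))   # 1, 2, ..., 16
    print("constant   :", work_profile(constant_time_compare, tag))  # 16 sixteen times
```

Constant-time comparison closes one timing channel; the same discipline applies to table lookups, modular arithmetic, and error handling, and interpreted languages give only an approximation of it because the runtime itself may branch on data.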