Ed25519 and Ed448 are the default choices for signatures, as they are widely recognized standards and perform well even on lower-powered devices, unlike some RSA key sizes that require dedicated hardware for secure and efficient execution.
X25519 and X448 are used for key exchange, selected for the same efficiency and security reasons as their signature counterparts.
Stream ciphers such as XChaCha20 and XSalsa20 are preferred. In software-only environments without specialized hardware support, they often provide stronger practical security than AES.
HMAC-SHA512 is used to ensure that encrypted data from stream ciphers cannot be altered without detection.
BLAKE2b is used in combination with Ed448 for pre-hashing messages before signing.
Separate keys are maintained for encryption and for MAC generation, ensuring reduced risk of cross-protocol attacks. At least two independent key exchange sessions are performed. One session key is dedicated to MAC operations, while the other is dedicated to encryption. The assignment of sessions to roles is arbitrary, but they are never reused across both domains.
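The sketch below is an added example, not code from this project: it shows the HMAC-SHA512 layer applied to stream-cipher output with a MAC key that is distinct from the encryption key, and the tag checked before anything is handed to the cipher. The function names, the `nonce || ciphertext || tag` layout and the sample keys are assumptions; the key exchange and the XChaCha20 step are outside the block.

```python
import hashlib
import hmac

NONCE_LEN = 24                          # XChaCha20 and XSalsa20 nonce size
TAG_LEN = hashlib.sha512().digest_size  # 64-byte HMAC-SHA512 tag


def compute_tag(mac_key, nonce, ciphertext):
    # The tag covers the nonce as well as the ciphertext; the fixed nonce
    # length keeps the boundary between the two unambiguous.
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha512).digest()


def check_roles(enc_key, mac_key):
    # One session key per role: the same key must never serve both.
    if hmac.compare_digest(enc_key, mac_key):
        raise ValueError("encryption and MAC keys must differ")


def frame(enc_key, mac_key, nonce, ciphertext):
    """Return nonce || ciphertext || tag for already-encrypted data."""
    check_roles(enc_key, mac_key)
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be 24 bytes")
    return nonce + ciphertext + compute_tag(mac_key, nonce, ciphertext)


def unframe(enc_key, mac_key, blob):
    """Verify the tag, then return (nonce, ciphertext) for decryption."""
    check_roles(enc_key, mac_key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    # Constant-time comparison; nothing reaches the cipher on a mismatch.
    if not hmac.compare_digest(tag, compute_tag(mac_key, nonce, ciphertext)):
        raise ValueError("authentication failed")
    return nonce, ciphertext


if __name__ == "__main__":
    # Constructed sample values standing in for two session keys and for
    # XChaCha20 output; the key exchange and cipher are outside this block.
    enc_key, mac_key = bytes(range(32)), bytes(range(32, 64))
    blob = frame(enc_key, mac_key, bytes(NONCE_LEN), b"constructed ciphertext")
    print(unframe(enc_key, mac_key, blob))
```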
In private infrastructure or offline exchanges, both parties can verify public key hashes before starting encrypted communication. This reduces the risk of MITM attacks by confirming the authenticity of exchanged keys.
Currently, there are no plans to support post-quantum cryptography (PQC) algorithms. Unlike traditional approaches in existing technologies, cryptographic algorithms must be extensively vetted and analyzed by the community before being considered secure. Migration to PQC is anticipated around 2030–2032, in alignment with industry standards and NIST recommendations.
If you need cryptographic algorithm replacements, guidance on secure key generation, or other applicable customizations, please visit the Contact page for consultation and optional professional services.