← Week 1: Cryptographic Foundations

Day 2: Symmetric Cryptography in TLS

Phase 1 · May 15, 2026

Agenda (2–3 hours)

  • Read (45 min): RFC 8446 §B.4 (cipher suites); RFC 5116 (AEAD interfaces)
  • Study (45 min): AEAD primitives used in TLS 1.3
  • Practice (45 min): Encrypt/decrypt with openssl and Rust
  • Challenge (30 min): Rust coding exercise

TLS 1.3 Cipher Suites (All AEAD)

TLS_AES_128_GCM_SHA256       (most common)
TLS_AES_256_GCM_SHA384       (higher security margin)
TLS_CHACHA20_POLY1305_SHA256 (software-optimized, no AES-NI needed)
TLS_AES_128_CCM_SHA256       (constrained devices)
TLS_AES_128_CCM_8_SHA256     (IoT, truncated tag — avoid in general use)

TLS 1.3 eliminated all non-AEAD cipher suites. No more RC4, 3DES, CBC mode.

AEAD: Authenticated Encryption with Associated Data

One primitive provides confidentiality + integrity + authentication simultaneously.

Encrypt(key, nonce, plaintext, aad) → ciphertext || tag
Decrypt(key, nonce, ciphertext || tag, aad) → plaintext or ERROR
  • aad (associated data): authenticated but not encrypted (e.g., record header)
  • tag: authentication tag — modification of ciphertext is detected
  • nonce: must be unique per (key, message) pair — reuse is catastrophic

AES-GCM vs ChaCha20-Poly1305

                 AES-GCM            ChaCha20-Poly1305
Speed (HW)       Fast (AES-NI)      Slower
Speed (SW)       Slower             Fast
Nonce reuse      Catastrophic       Catastrophic
Security margin  128/256-bit        256-bit
Best for         Server hardware    Mobile/embedded

TLS 1.3 implementations typically prefer AES-GCM when AES-NI is available and ChaCha20-Poly1305 otherwise.

Practice Exercise

# Encrypt with AES-256-GCM (current OpenSSL rejects this: "AEAD ciphers not supported")
echo "hello world" | openssl enc -aes-256-gcm -k "mysecretpassword" \
  -pbkdf2 -out encrypted.bin

# Decrypt
openssl enc -d -aes-256-gcm -k "mysecretpassword" \
  -pbkdf2 -in encrypted.bin

Note: openssl enc does not support AEAD modes at all: it refuses GCM, CCM and ChaCha20-Poly1305 rather than exposing the nonce, AAD or tag, so the commands above only show that refusal. The Rust exercise is where the AEAD interface is actually used.

Challenge Assignment

Write a Rust function using the aes-gcm crate:

// Implement these two functions (encrypt returns the ciphertext||tag and the nonce it generated;
// the error type is aes_gcm::Error)
fn encrypt(key: &[u8; 32], plaintext: &[u8]) -> (Vec<u8>, [u8; 12]);
fn decrypt(key: &[u8; 32], nonce: &[u8; 12], ciphertext: &[u8]) -> Result<Vec<u8>, aes_gcm::Error>;

Requirements:

  1. Generate a random nonce using rand crate (do not hardcode it)
  2. Verify that modifying one byte of ciphertext causes decryption to fail
  3. Verify that reusing a nonce with a different message produces different ciphertext

Add aes-gcm = "0.10" and rand = "0.8" to Cargo.toml.
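An added worked example (my own code, not the course's and not the aes-gcm crate's) covering the AEAD interface from the earlier section and the three challenge requirements. It is in Go rather than Rust because crypto/aes and crypto/cipher ship with the standard library, so it runs with no dependency; it also goes one step beyond the page by deriving the TLS 1.3 per-record nonce of RFC 8446 §5.3 (zero-padded sequence number XORed with the write IV). The function names and the all-zero demo key are my own constructions.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// newAESGCM wraps AES (16- or 32-byte key) in GCM: 12-byte nonce, 16-byte tag.
func newAESGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// tlsRecordNonce: RFC 8446 §5.3, the zero-padded 64-bit sequence number XORed with the static write IV.
func tlsRecordNonce(writeIV [12]byte, seq uint64) [12]byte {
	var nonce [12]byte
	binary.BigEndian.PutUint64(nonce[4:], seq)
	for i := range nonce {
		nonce[i] ^= writeIV[i]
	}
	return nonce
}

// seal draws a fresh random nonce; aad (e.g. the record header) is authenticated, not encrypted.
func seal(aead cipher.AEAD, aad, plaintext []byte) (nonce, sealed []byte, err error) {
	nonce = make([]byte, aead.NonceSize())
	if _, err = rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, aead.Seal(nil, nonce, plaintext, aad), nil
}

// open returns the plaintext, or an error if nonce, ciphertext, tag or aad changed.
func open(aead cipher.AEAD, nonce, aad, sealed []byte) ([]byte, error) {
	return aead.Open(nil, nonce, sealed, aad)
}

func main() {
	aead, _ := newAESGCM(make([]byte, 32)) // constructed all-zero demo key
	nonce, sealed, _ := seal(aead, []byte("hdr"), []byte("hello world"))
	sealed[0] ^= 0x01 // flip one ciphertext bit: the tag check must fail
	_, err := open(aead, nonce, []byte("hdr"), sealed)
	fmt.Println("tampered record rejected:", err != nil)
}
```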

Resources