Symmetric9 shown / 97 total4 recommended150 sources citedReviewed April 2026
What are you trying to protect?
Choose your use case for safe defaults, or use the decision wizard for a tailored recommendation.
Symmetric Encryption
The padlock on your data. One key locks it, same key unlocks it.
Ask the Counsel →Select cards to compare algorithms side by side.
9 algorithms shown
AES-256-GCMNIST StandardRecommended default
matureNISTPQ-ready
AES·🇧🇪 BelgiumMarch 2026
General-purpose authenticated encryption. TLS 1.3, disk encryption, government classified data.
AES-256-GCM-SIVIETF RFC 8452Recommended default
establishedIETFPQ-ready
AES·🇺🇸/🇮🇱 US/IsraelApril 2026
Nonce-misuse-resistant authenticated encryption. Systems where nonce uniqueness cannot be guaranteed — distributed systems, cloud KMS, at-rest encryption.
ARIA-256Korean Standard KS X 1213Acceptable (constrained)
ARIA·🇰🇷 South KoreaMarch 2026
Korean government and financial systems.
Camellia-256CRYPTREC / ISO / IETFAcceptable (constrained)
Camellia·🇯🇵 JapanMarch 2026
Japanese government, TLS suites, NESSIE-approved applications.
ChaCha20-Poly1305IETF RFC 8439Recommended default
matureIETFPQ-ready
ChaCha·🇺🇸 United StatesMarch 2026
Authenticated encryption without AES hardware. Mobile, TLS 1.3 fallback, WireGuard.
KuznyechikGOST R 34.12-2015Acceptable (constrained)
GOST·🇷🇺 RussiaMarch 2026
Russian government and military systems.
SM4GB/T 32907 / ISO 18033-3Acceptable (constrained)
SM4·🇨🇳 ChinaMarch 2026
Chinese government, banking, wireless LAN (WAPI).
SNOW-V3GPP / ISO/IEC 18033-4Acceptable (constrained)
SNOW·🇸🇪 SwedenApril 2026
5G confidentiality and integrity (3GPP). High-throughput stream encryption. Successor to SNOW 3G used in 4G/LTE.
XChaCha20-Poly1305IETF Draft / libsodiumRecommended default
establishedIETFPQ-ready
ChaCha·🇺🇸 United StatesMarch 2026
File/at-rest encryption needing random nonces safely. libsodium default.
References & terminology
Source links and definitions for the algorithms currently visible in the results grid.
9 Visible results19 Unique sources3 Curated demos
Terminology guide
Classical security
Estimated resistance against the best known non-quantum attacks, usually expressed in bits of work.
PQ security
Expected security if a cryptographically relevant quantum computer exists. Zero means Shor's algorithm breaks it outright.
KEM
A key encapsulation mechanism: public-key crypto used to establish a shared secret for later symmetric encryption.
AEAD
Authenticated encryption with associated data. It encrypts data and detects tampering in one construction.
MAC
A message authentication code. It proves integrity and key possession, but not public verifiability like a signature.
KDF
A key derivation function. It turns existing secret material into new, purpose-separated keys.
Forward secrecy
Past sessions stay confidential even if a long-term private key is later compromised.
Trusted setup
A setup ceremony some proof systems require. If it is compromised, proofs may be forgeable.
Threshold
A scheme where some minimum number of parties or shares is required before a secret or signature can be reconstructed.
Constant-time
Implementation discipline that avoids data-dependent timing differences which could leak secrets.
Demo links
AES Modes
AES-256-GCM
Compares ECB, CBC, CTR, GCM, and CCM with attack demos and mode visualizations.
ChaCha20 Stream
XChaCha20-Poly1305
Quarter-round stepper, keystream visualizer, nonce-reuse demo, and encrypt/decrypt playground.
Shadow Vault
XChaCha20-Poly1305
Applies XChaCha20-Poly1305 in a deniable-encryption workflow.
Source references
3GPP TS 35.216
SNOW 3G specification for 4G/LTE confidentiality.
Used by SNOW-V
CRYPTREC
Recommended by Japanese government cryptographic evaluation.
Used by Camellia-256
GB/T 32907-2016
Chinese national standard for SM4 block cipher.
Used by SM4
GOST R 34.12-2015
Russian national standard defining Kuznyechik block cipher.
Used by Kuznyechik
Gueron & Lindell 2015
AES-GCM-SIV construction and security analysis.
Used by AES-256-GCM-SIV
IETF Draft
IRTF draft for XChaCha20-Poly1305.
Used by XChaCha20-Poly1305
ISO/IEC 18033-4
International standard for stream ciphers including SNOW 2.0.
Used by SNOW-V
KS X 1213
Korean national standard for block cipher.
Used by ARIA-256
libsodium docs
Nonce-extension construction used in major implementations.
Used by XChaCha20-Poly1305
NIST FIPS 197
AES block cipher specification.
Used by AES-256-GCM
NIST SP 800-38D
GCM mode of operation specification.
Used by AES-256-GCM
RFC 3713
Camellia cipher specification.
Used by Camellia-256
RFC 5794
ARIA cipher specification.
Used by ARIA-256
RFC 7801
GOST R 34.12-2015 block cipher (Kuznyechik).
Used by Kuznyechik
RFC 8439
Specifies ChaCha20-Poly1305 construction and limits.
Used by ChaCha20-Poly1305
RFC 8452
AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption.
Used by AES-256-GCM-SIV
RFC 8998
ShangMi cipher suites for TLS 1.3.
Used by SM4
SNOW-V specification
Johansson & Yang, 2021. SNOW-V design for 5G.
Used by SNOW-V
snow2 (demo)
Modern Rust steganography tool using SNOW-inspired naming with XChaCha20-Poly1305.
Used by SNOW-V