XSalsa20 encryption vs. AES-256: What's the difference?
Encryption is one of the main building blocks of online security. Learn more about the XSalsa20 and AES-256 encryption algorithms, and how they differ from each other.
Encryption is a process of encoding data to make it secure and unreadable by anyone except the intended recipient. It is used to protect sensitive information from unauthorized access, which makes it essential for online data transfer and communication. Strong encryption is also a cornerstone of online privacy.
There are two main types of encryption algorithms: symmetric and asymmetric. Symmetric encryption uses a single secret key for both encryption and decryption, while asymmetric encryption uses two different keys, one for encryption and one for decryption.
Two of the most popular algorithms used in cryptography today are XSalsa20 and AES-256. Both algorithms provide strong security, but they differ in their approach to encrypting data. In this article, we will discuss the differences between XSalsa20 and AES-256 so you can make an informed decision when choosing an encryption algorithm for your data security needs.
What is AES encryption?
The AES (Advanced Encryption Standard) algorithm, also known as the Rijndael algorithm, is one of the most secure algorithms available and is widely used in many industries, including banking, healthcare, and government.
It was originally developed by two Belgian cryptographers, Vincent Rijmen and Joan Daemen (hence the initial name) in 1998, and was chosen in 2002 by the U.S. National Institute of Standards and Technology (NIST) to replace the Data Encryption Standard (DES). The latter is an algorithm that has been around since the early 1970s and had by the late 1990s become too easy to crack due to growing computational power.
AES is a symmetric block cipher. It works by dividing data into blocks of 128 bits and encrypting each block separately. The blocks are encrypted in multiple rounds using a substitution-permutation network (SPN), which makes the encryption much more difficult to crack. AES keys can be 128, 192, or 256 bits long, and each key length has a different number of possible key combinations.
|Key length|Possible combinations|
|---|---|
|128-bit|3.4 x 10³⁸|
|192-bit|6.2 x 10⁵⁷|
|256-bit|1.1 x 10⁷⁷|
The sheer number of possible combinations makes AES encryption essentially unbreakable in terms of brute force when it's implemented correctly. The most powerful supercomputer in the world, currently the Frontier with an Rmax of 1,102 petaflops, would need 9.78 × 10¹⁵ or almost ten quadrillion years to crack. Just to put that insane number into perspective: that's 77 thousand times the current age of the universe!
In addition to its high security, AES is appealing because it is easy to understand and therefore easy to implement. It also allows for fast encryption and decryption times. The AES algorithm can be found in many everyday applications, for example wireless network security, safe browsing using the HTTPS protocol, and general file encryption, including chat messages and documents.
What is XSalsa20 encryption?
XSalsa20 is a stream cipher used in symmetric encryption. It is based on the Salsa20 cipher, which was designed in 2005. XSalsa20 is a variant proposed in 2008 that uses longer nonces (192-bit where the original Salsa20 uses 64-bit), making it more suitable for certain applications.
Both Salsa20 and XSalsa20, as well as the closely related ChaCha cipher family, were developed by German-American mathematician and cryptographer Daniel J. Bernstein. The original Salsa20 was submitted to the eSTREAM project and is now one of the ciphers of the project's portfolio.
Salsa and ChaCha ciphers are built on a pseudorandom function based on ARX (add-rotate-XOR) operations. XSalsa20 uses the first 128 bits of the nonce and a 256-bit key to create a subkey. The remaining 64 bits of the nonce and the subkey become the parameters of the Salsa20 function to generate the stream.
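The derivation described above, as an added Python example (not code from Koofr, rclone or NaCl): HSalsa20 turns the 256-bit key and the first 128 nonce bits into a subkey, and plain Salsa20 then generates the stream from that subkey and the remaining 64 nonce bits. It is pure Python written for reading; the function names are this example's own and the sample values are constructed.

```python
import struct

MASK = 0xFFFFFFFF
SIGMA = struct.unpack("<4I", b"expand 32-byte k")  # Salsa20 constants
ROUND_QUADS = ((0, 4, 8, 12), (5, 9, 13, 1), (10, 14, 2, 6), (15, 3, 7, 11),  # columns
               (0, 1, 2, 3), (5, 6, 7, 4), (10, 11, 8, 9), (15, 12, 13, 14))  # rows

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _rounds(key, in16):
    """Build the 4x4 word state and apply 20 ARX rounds; return (initial, final)."""
    k, n = struct.unpack("<8I", key), struct.unpack("<4I", in16)
    x0 = [SIGMA[0], *k[:4], SIGMA[1], *n, SIGMA[2], *k[4:], SIGMA[3]]
    x = list(x0)
    for _ in range(10):  # 10 double rounds = 20 rounds
        for a, b, c, d in ROUND_QUADS:
            x[b] ^= _rotl((x[a] + x[d]) & MASK, 7)   # add, rotate, XOR
            x[c] ^= _rotl((x[b] + x[a]) & MASK, 9)
            x[d] ^= _rotl((x[c] + x[b]) & MASK, 13)
            x[a] ^= _rotl((x[d] + x[c]) & MASK, 18)
    return x0, x

def hsalsa20(key, nonce16):
    """Subkey derivation: 256-bit key + first 128 nonce bits -> 256-bit subkey."""
    _, z = _rounds(key, nonce16)
    return struct.pack("<8I", *(z[i] for i in (0, 5, 10, 15, 6, 7, 8, 9)))

def salsa20_block(key, nonce8, counter):
    """One 64-byte keystream block of plain Salsa20 (64-bit nonce, 64-bit counter)."""
    x0, z = _rounds(key, nonce8 + struct.pack("<Q", counter))
    return struct.pack("<16I", *((a + b) & MASK for a, b in zip(x0, z)))

def xsalsa20_xor(key, nonce24, data):
    """XOR data with the XSalsa20 keystream; encryption and decryption are identical."""
    if len(key) != 32 or len(nonce24) != 24:
        raise ValueError("XSalsa20 needs a 32-byte key and a 24-byte nonce")
    subkey = hsalsa20(key, nonce24[:16])  # first 128 bits of the nonce
    out = bytearray()
    for off in range(0, len(data), 64):
        ks = salsa20_block(subkey, nonce24[16:], off // 64)  # remaining 64 bits
        out += bytes(p ^ s for p, s in zip(data[off:off + 64], ks))
    return bytes(out)

if __name__ == "__main__":
    key, nonce = bytes(range(32)), bytes(range(24))  # constructed sample values
    ct = xsalsa20_xor(key, nonce, b"constructed sample plaintext")
    print(ct.hex(), xsalsa20_xor(key, nonce, ct))
```

Because the keystream depends only on the key and nonce, reusing a nonce under the same key reuses the keystream; the 192-bit nonce is what makes randomly generated nonces practical.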
The XSalsa20 cipher is combined with the Poly1305 message authentication code to form an AEAD algorithm. This gives your encryption both confidentiality and authenticity: the data is encrypted, and no one can alter any bit of it without the change being detected.
What's the difference between XSalsa20 and AES?
Both algorithms provide strong security, but they have some differences in terms of speed, complexity, and other features.
In general, AES is more prevalent than XSalsa20. XSalsa20 (combined with Poly1305) is mainly used in the crypto_box function in the NaCl crypto library, which is in turn used in a number of different applications. Most notably for us at Koofr, this is the function used in rclone and in Koofr Vault.
Salsa's sister cipher, ChaCha, has seen a higher adoption rate: it has been used by companies like Google, NordPass, and WireGuard, and has also been implemented in the OpenSSH secure networking suite.
Being a stream cipher, XSalsa20 encrypts each bit of data separately, which makes it much faster (and cheaper) than other types of encryption. By comparison, AES divides the data into blocks and then encrypts each block.
This is also why XSalsa20 (as well as XChaCha20) usually offers better performance than AES on systems where the CPU doesn't feature AES acceleration. If implemented purely in software without hardware acceleration, AES is very slow. Because of this hardware requirement, Salsa and ChaCha are preferred over AES in certain use cases, for example mobile devices, smart TVs, smartwatches, and more.
Last but certainly not least, ARX-based ciphers do not require lookup tables and are inherently immune to timing attacks, something that AES could be susceptible to if not implemented correctly.
In terms of data security and encryption, both AES and XSalsa20 are good and strong ciphers. XSalsa20, however, does have its advantages compared to AES when it comes to speed and ease of setup.