Classical Algorithm Threat Models
Threat analysis for the classical cryptographic algorithms catalogued below: the classical attack vectors that apply to each family, the impact of Grover's and Shor's quantum algorithms, and the resulting migration priority.
Hash Functions (11 algorithms)
SHA Family
- SHA-256 - 256-bit hash
- SHA-384 - 384-bit hash
- SHA-512 - 512-bit hash
- SHA3-256/512 - Keccak-based
- Keccak-256 - original Keccak padding (differs from SHA3-256), as used by Ethereum
- SHAKE-256 - extendable-output function (XOF), arbitrary-length output at 256-bit security
Blake Family
Specialized Hashes
Symmetric Encryption (8 algorithms)
AES Variants
- AES-256-GCM - Authenticated encryption (AEAD); a nonce must never repeat under one key
- AES-256-CTR - Counter mode; unauthenticated, so it must be paired with a MAC
ChaCha Family
- ChaCha20 - Stream cipher with a 256-bit key; unauthenticated on its own
- ChaCha20-Poly1305 - AEAD
International Standards
- ARIA-256 - Korean standard
- Camellia-256 - Japanese standard
Lightweight Cryptography
Message Authentication (4 algorithms)
HMAC Variants
- HMAC-SHA256 - SHA-256 based
- HMAC-SHA512 - SHA-512 based
Polynomial MACs
Key Derivation (4 algorithms)
- HKDF-SHA256 - Extract-and-expand
- PBKDF2 - Password-based
- Argon2id - Memory-hard
- BLAKE3-KDF - Blake3-based
Digital Signatures & Key Exchange (5 algorithms)
EdDSA Variants
- Ed25519 - Edwards curve signature
- Ed25519-ZIP215 - Ed25519 with the ZIP 215 verification rules (Zcash)
- Sr25519 - Schnorr signature over Ristretto255 (Substrate/Polkadot)
Transitional RSA ⚠️
- RSA-2048 - DEPRECATED after 2030 and disallowed after 2035 under NIST IR 8547; completely broken by Shor's algorithm
Key Exchange
- X25519 - Curve25519 ECDH
Random Generation & Utilities (2 algorithms)
Quantum Threat Assessment
| Algorithm Category | Grover Impact | Shor Impact | Effective Security (256-bit parameters) | Migration Priority |
|---|---|---|---|---|
| Hash Functions | Preimage search in √N steps | None | Preimage 256→128 bits; collision stays near 128 bits (the 2^85 quantum collision attack needs impractical memory) | Low |
| Symmetric Encryption | Key search in √N steps | None | 256→128 bits | Low |
| MACs | Key search in √N steps | None | 256→128 bits (HMAC-SHA256 with a 256-bit key) | Low |
| Key Derivation | Key search in √N steps | None | Varies with input entropy and output length | Low |
| EdDSA/ECDH (Curve25519) | Irrelevant once Shor applies | Broken (elliptic-curve discrete log in polynomial time) | 0 bits against a cryptographically relevant quantum computer | Critical |
| RSA-2048 (transitional) | Irrelevant once Shor applies | Broken (factoring in polynomial time) | 0 bits | Critical |
Classical Attack Vectors
Implementation Vulnerabilities
- Side Channels: Timing, power, EM, cache attacks
- Fault Injection: Bit flips, glitching, laser attacks
- Software Bugs: Buffer overflows, integer overflows
- RNG Weaknesses: Predictable or biased randomness
Protocol-Level Attacks
- Downgrade Attacks: Forcing negotiation of weaker algorithms or parameters
- Replay Attacks: Reusing captured messages; defeated by nonces or sequence numbers bound into the MAC
- Man-in-the-Middle: Interposing on an unauthenticated key exchange
- Padding Oracle: Distinguishable padding errors in unauthenticated CBC leak plaintext (AEAD removes the oracle)
Cryptanalytic Advances
- Differential Cryptanalysis: Tracing input differences through block cipher rounds
- Linear Cryptanalysis: Statistical attacks using linear approximations of round functions
- Algebraic Attacks: Modelling the cipher as an equation system and solving it
- Birthday Attacks: Hash collisions in about 2^(n/2) work for an n-bit digest
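To put a number on the birthday bound, here is an added example (not from the page's project) that runs a generic birthday search against SHA-256 truncated to 32 bits; it uses no weakness in SHA-256, only the short output, and the message series `msg-0`, `msg-1`, ... is constructed for the demonstration.

```python
import hashlib
import math
from typing import Optional, Tuple


def truncated_sha256(msg: bytes, nbytes: int) -> bytes:
    """Leading `nbytes` bytes of SHA-256(msg): stands in for an (8*nbytes)-bit hash,
    as happens when applications shorten a digest to save space."""
    return hashlib.sha256(msg).digest()[:nbytes]


def birthday_collision(nbytes: int, limit: int = 1 << 22) -> Optional[Tuple[bytes, bytes, int]]:
    """Generic birthday attack: hash distinct messages, remember every digest, stop at
    the first repeat. Returns (msg_a, msg_b, hashes_computed), or None if `limit`
    hashes are computed without a repeat."""
    seen = {}
    for i in range(limit):
        msg = b"msg-%d" % i  # constructed, deterministic message series
        digest = truncated_sha256(msg, nbytes)
        if digest in seen:
            return seen[digest], msg, i + 1
        seen[digest] = msg
    return None


def expected_hashes(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2^bits) hashes for a 50% collision chance,
    i.e. roughly 2^(bits/2). For a full 256-bit digest this is about 2^128."""
    return math.sqrt(math.pi / 2 * 2.0 ** bits)


if __name__ == "__main__":
    found = birthday_collision(4)  # 32-bit truncation
    assert found is not None
    a, b, n = found
    print("collision after %d hashes (bound predicts ~%d)" % (n, expected_hashes(32)))
    print("  %r and %r share truncated digest %s" % (a, b, truncated_sha256(a, 4).hex()))
    print("full digests differ:", truncated_sha256(a, 32) != truncated_sha256(b, 32))
    print("64-bit truncation would need ~2^%.0f hashes" % math.log2(expected_hashes(64)))
```

The same search against the untruncated 256-bit digest would need about 2^128 hashes, which is why collision resistance is usually quoted at half the output length, and why truncating a digest below 128 bits for identifiers or signatures is a design error rather than a cryptanalytic one.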
Security Recommendations
For Quantum Resistance
- Symmetric Keys: Use 256-bit keys (AES-256, ChaCha20, which always uses a 256-bit key) so that 128 bits remain after Grover
- Hash Functions: Prefer 384-bit or larger output (SHA-384, SHA3-384) for long-term security; this is conservative, since SHA-256 retains 128-bit preimage resistance against Grover
- Digital Signatures: Begin migration to PQC signatures now (e.g. ML-DSA, FIPS 204), hybrid with Ed25519 during transition
- Key Exchange: Begin migration to PQC key encapsulation now (e.g. ML-KEM, FIPS 203), hybrid with X25519 during transition
For Classical Security
- Authenticated Encryption: Always use AEAD modes
- Key Derivation: Use memory-hard functions for passwords
- Random Generation: Use the OS CSPRNG (getrandom(2), os.urandom, BCryptGenRandom), which is seeded from hardware entropy; never consume raw hardware RNG output directly
- Implementation: Always use constant-time implementations, with no secret-dependent branches, memory accesses or early-exit comparisons (tag verification is the common failure)
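As an added illustration of the constant-time point (not code from the page's project): a byte-by-byte tag comparison instrumented to show what a timing side channel leaks, beside a verifier built on `hmac.compare_digest`. The key, message and forged tags are constructed for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Tuple


def leaky_compare(a: bytes, b: bytes) -> Tuple[bool, int]:
    """Early-exit comparison, as often hand-written. Returns (equal, bytes_inspected).
    The second value models the timing side channel: it equals the length of the
    matching prefix plus one, so an attacker who can time verification learns the
    correct tag one byte at a time (at most 256 guesses per byte)."""
    if len(a) != len(b):
        return False, 0
    inspected = 0
    for x, y in zip(a, b):
        inspected += 1
        if x != y:
            return False, inspected
    return True, inspected


def make_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Hardened check: recompute the tag and compare in time independent of where
    the inputs differ. compare_digest runs in constant time for equal-length
    inputs; a length mismatch is rejected without inspecting the contents."""
    return hmac.compare_digest(make_tag(key, msg), tag)


def forge_with_prefix(real_tag: bytes, n: int) -> bytes:
    """Attacker guess: the first n bytes right, every remaining byte deliberately wrong."""
    return real_tag[:n] + bytes(x ^ 0xFF for x in real_tag[n:])


def leak_profile(key: bytes, msg: bytes, prefixes=(0, 8, 16, 31)) -> dict:
    """Work done by leaky_compare for guesses sharing 0, 8, 16 and 31 correct bytes."""
    tag = make_tag(key, msg)
    return {n: leaky_compare(tag, forge_with_prefix(tag, n))[1] for n in prefixes}


if __name__ == "__main__":
    key = os.urandom(32)                    # constructed demo key
    msg = b"transfer 100 to account 42"     # constructed demo message
    tag = make_tag(key, msg)
    print("bytes inspected per guess:", leak_profile(key, msg))  # {0: 1, 8: 9, 16: 17, 31: 32}
    print("constant-time verify, genuine tag:", verify_tag(key, msg, tag))
    print("constant-time verify, forged tag :", verify_tag(key, msg, forge_with_prefix(tag, 16)))
```

The instrumented counter stands in for wall-clock time; on real hardware the difference per byte is nanoseconds, but it is recoverable over a network with enough samples, which is why the hardened path must not branch on the first differing byte.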
Best Practices by Use Case
Data Encryption
- Short-term: AES-256-GCM or ChaCha20-Poly1305
- Long-term: Combine with PQC (hybrid approach)
- Lightweight: Ascon-128 (NIST lightweight cryptography standard, SP 800-232) for constrained IoT devices
Authentication
- Speed Critical: Poly1305 (a one-time MAC: derive a fresh key per message, as ChaCha20-Poly1305 does) or HMAC-SHA256
- High Security: HMAC-SHA512 or keyed BLAKE3
- Compatibility: AES-CMAC where only a block cipher is available
Password Storage
- Recommended: Argon2id with appropriate parameters
- Legacy Support: PBKDF2 with high iteration count
- Avoid: Fast unsalted hashes (plain SHA-2, MD5), which allow offline guessing at billions of attempts per second
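An added example (not the page's or any project's own code) of the password-storage advice above, using Python's standard-library PBKDF2-HMAC-SHA256 with the parameters stored next to the hash so the work factor can be raised later. The record format and the 600,000-iteration default (the current OWASP figure for PBKDF2-HMAC-SHA256) are this example's own choices; Argon2id remains preferable wherever a memory-hard implementation is available.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

ALGORITHM = "pbkdf2-sha256"
DEFAULT_ITERATIONS = 600_000   # work factor; raise it as hardware improves
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$key (base64 fields).
    A fresh random salt per password defeats precomputed tables, and the stored
    iteration count lets verify_password() detect records that need upgrading."""
    salt = os.urandom(SALT_BYTES) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES)
    return "$".join([ALGORITHM, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(key).decode("ascii")])


def verify_password(password: str, record: str) -> Tuple[bool, bool]:
    """Return (matches, needs_rehash). needs_rehash is True when a matching record
    was made with fewer iterations than DEFAULT_ITERATIONS: re-hash it on login."""
    algorithm, iterations_s, salt_b64, key_b64 = record.split("$")
    if algorithm != ALGORITHM:
        raise ValueError("unsupported password hash algorithm: %s" % algorithm)
    iterations = int(iterations_s)
    salt = base64.b64decode(salt_b64)
    stored_key = base64.b64decode(key_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                    iterations, dklen=len(stored_key))
    matches = hmac.compare_digest(candidate, stored_key)   # no early exit on mismatch
    return matches, matches and iterations < DEFAULT_ITERATIONS


if __name__ == "__main__":
    # Constructed scenario: a record created earlier with a lower work factor.
    legacy = hash_password("correct horse battery staple", iterations=100_000)
    print("legacy record:", legacy)
    print("right password:", verify_password("correct horse battery staple", legacy))  # (True, True)
    print("wrong password:", verify_password("Tr0ub4dor&3", legacy))                   # (False, False)
    current = hash_password("correct horse battery staple")
    print("current record:", verify_password("correct horse battery staple", current))  # (True, False)
```

Storing the algorithm name and iteration count in the record is what makes a later migration (more iterations, or a switch to Argon2id) possible without a forced password reset: the verifier accepts the old record once, then writes a new one.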
Digital Signatures (Classical)
- ⚠️ WARNING: Every classical signature scheme listed here (Ed25519, Sr25519, RSA) is broken by Shor's algorithm
- Current Use: Ed25519 for performance and misuse resistance (deterministic nonces, no weak-randomness failures)
- Migration Plan: Required for all applications; start with long-lived signatures such as code signing and certificates
Compliance Considerations
Standards Compliance
- FIPS 140-3: AES, SHA-2/SHA-3, HMAC, ECDSA; Ed25519 is approved via FIPS 186-5, while ChaCha20-Poly1305 and BLAKE3 are not FIPS-approved
- Common Criteria: Implementation certification
- Industry Standards: PCI-DSS, HIPAA requirements
Regional Requirements
- Korea: ARIA support may be required
- Japan: Camellia support for government
- EU: GDPR Article 32 requires appropriate technical measures; encryption with sound key management is the expected control