AES has been around since 2001, and it is still going strong. But, there are alternatives, including with ChaCha20 and AEGIS, and where the mighty Bart Preneel co-authored a paper on AEGIS [here][1]:
The paper is [here][1]:
Overall, AEGIS-128L and AEGIS-256 are AES-based cyphers which integrate an authentication tag, and where each message can have a unique identifier. The nonce value is also relatively large, with a 128-bit nonce for AEGIS-128L and a 256-bit nonce for AEGIS-256, and has a better security margin than AES-GCM. Overall, we can leak the state of the cipher process, but that will not leak the key, and has been shown to have a fast operation with AES-enhanced processors, and with a lower memory requirement than AES-GCM.
libsodium.js is a sodium crypto library that is compiled to WASM (WebAssembly) and uses the same sodium methods as the Python port. Overall, libsodium uses either AEGIS-128l, AEGIS-256 or XChaCha20. With this…
