- Symmetric-key encryption: XSalsa20 (note: only authenticated encryption is available through Halite)
- Symmetric-key authentication: BLAKE2b (keyed)
- Asymmetric-key encryption: X25519 followed by symmetric-key authenticated encryption
- Asymmetric-key digital signatures: Ed25519
- Checksums: BLAKE2b
- Key splitting: HKDF-BLAKE2b
- Password-Based Key Derivation: Argon2
In all cases, we follow an Encrypt then MAC construction, thus avoiding the cryptographic doom principle.
As a consequence of our use of a keyed BLAKE2b hash as a MAC, instead of GCM/Poly1305, Halite ciphertexts are message committing which makes ciphertexts random key robust.