While our open source crypto library provides many cryptographic methods for the choosing, E3Kit uses a curated subset of them packaged into high-level methods to provide the most simple and secure end-to-end encryption.

Here's a list of the algorithms used by each cryptographic high-level method:

#### Registration (eThree.register)

Cryptographically strong random to generate key

ED25519 (RFC8032) to sign card

#### Encryption and Signing (eThree.encrypt)

Cryptographically strong random to generate symmetric key

ED25519 (RFC8032) to sign data

AES256 CBC (NIST SP 800-38D) for key wrapping

AES256 GCM (RFC3602) to encrypt data

Curve25519 (RFC7748) to generate shared secret

KDF2 (RFC2898) to derive keys

#### Decryption and Verification (eThree.decrypt)

ED25519 (RFC8032) to verify signature

AES256 CBC (NIST SP 800-38D) for key wrapping

AES256 GCM (RFC3602) to decrypt data

Curve25519 (RFC7748) to generate shared secret

KDF2 (RFC2898) to derive keys

#### Private Key Backup (eThree.backupPrivateKey)

*The algorithms listed above in the **Encryption and Signing (eThree.encrypt)** section, plus: *BLS12-381 (RFC) (Pythia)

#### Private Key Backup (eThree.restorePrivateKey)

*The algorithms listed above in the **Decryption and Verification (eThree.decrypt)** section, plus:*BLS12-381 (RFC) (Pythia)