The Particle cloud uses RSA for session key exchange and authentication and then AES for data encryption for all cloud transactions. Each device has its own copy of the Particle cloud public key and its own private key. I don’t know of a doc reference but the source code is all on github for anyone to see.
For you own encryption, if you need it, you will eventually be able to use the same built-in crypto routines used by the cloud (I am just not sure if they have been added to user-visible set of functions in the HAL yet) or you could the community authored HTTPS client. Search the forum here for HTTPS client for details–it uses a slightly differenly licensed crypto library.