Resources on (AEAD) encryption

matheus23 · January 25, 2023, 3:23pm

General stuff

stands for “authenticated encryption with associated data”

Authenticated Encryption (AE)
- I.e. “MACs built-in to encryption”
- Prevents the ciphertext that was transmitted to you from being tampered with by a third party that doesn’t know the key. This can break the overall security of your system in unexpected ways.
- Also prevents padding oracle attacks that even recover the key.
- XML Encryption famously broke due to lacking authentication: https://www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf
Associated Data (AD)
- Prevents the ciphertext from being “pulled out of context” by a third party that doesn’t know the key.
- A good crypto stackoverflow answer on why this can be dangerous: encryption - What is the purpose of associated authenticated data in AEAD? - Information Security Stack Exchange

Also interesting, but not captured in “AEAD” is probabilistic encryption:

Prevents the same message to have the same ciphertext when encrypted twice with the same key.
Usually achieved by providing a nonce (sometimes called initialization vector) that is either randomly generated or incremented for every message with a given random key.

Most ciphers are probabilistic (or “non-deterministic”). So why are some ciphers deterministic?

You might not need additional randomness if your messages are inherently random, e.g. when you’re doing key-wrapping.
To provide non-determinism you need to attach a random nonce to your ciphertext. Deterministic encryption ciphertexts thus tend to be shorter.

expede · January 27, 2023, 6:24pm

Amazing! Thanks for putting this together @matheus23

pinkforest · January 29, 2023, 3:43am

Nice! thx for the resources @matheus23

fwiw - Rust AEAD go-to list: