Authenticated encryption (without AAD)

Open newpavlov opened this issue 5 years ago • 2 comments

Currently we don't have traits/types for authenticated encryption (without associated data). We could implement EtM, E&M and MTE constructs generically over stream ciphers/block modes and MACs. But it's not clear if we should follow block-modes here and add implementations and traits into a single crate, or add AE trait(s) to the aead crate.

newpavlov avatar Aug 14 '20 11:08 newpavlov
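As an added illustration of the generic Encrypt-then-MAC construct the issue proposes (example code, not part of the issue or of the RustCrypto crates): the `StreamCipher` and `Mac` traits below are minimal stand-ins assumed for this example, not the real `cipher`/`crypto-mac` APIs, and `ToyStream`/`ToyMac` are constructed, deliberately insecure placeholders so the block runs without dependencies. The point is the API shape: no AAD parameter, the tag bound to the nonce and ciphertext, and verification in constant time before any decryption happens.

```rust
use std::marker::PhantomData;

/// Stand-in for a stream-cipher trait (assumption; not the `cipher` crate's API).
pub trait StreamCipher {
    fn new(key: &[u8], nonce: &[u8]) -> Self;
    fn apply_keystream(&mut self, buf: &mut [u8]);
}

/// Stand-in for a MAC trait (assumption; not the `crypto-mac` crate's API).
pub trait Mac {
    const TAG_LEN: usize;
    fn new(key: &[u8]) -> Self;
    fn update(&mut self, data: &[u8]);
    fn finalize(self) -> Vec<u8>;
}

/// Returned when the tag does not verify; deliberately carries no detail.
#[derive(Debug, PartialEq, Eq)]
pub struct AuthError;

/// Encrypt-then-MAC over any StreamCipher + Mac pair. No associated data:
/// the tag covers only the nonce and the ciphertext.
pub struct EncryptThenMac<C: StreamCipher, M: Mac> {
    enc_key: Vec<u8>,
    mac_key: Vec<u8>,
    _c: PhantomData<C>,
    _m: PhantomData<M>,
}

impl<C: StreamCipher, M: Mac> EncryptThenMac<C, M> {
    pub fn new(enc_key: &[u8], mac_key: &[u8]) -> Self {
        Self { enc_key: enc_key.to_vec(), mac_key: mac_key.to_vec(), _c: PhantomData, _m: PhantomData }
    }

    /// tag = MAC(mac_key, len(nonce) || nonce || ciphertext); the length
    /// prefix keeps the nonce/ciphertext boundary unambiguous.
    fn tag(&self, nonce: &[u8], ciphertext: &[u8]) -> Vec<u8> {
        let mut mac = M::new(&self.mac_key);
        mac.update(&(nonce.len() as u64).to_be_bytes());
        mac.update(nonce);
        mac.update(ciphertext);
        mac.finalize()
    }

    /// Output layout: ciphertext || tag.
    pub fn encrypt(&self, nonce: &[u8], plaintext: &[u8]) -> Vec<u8> {
        let mut out = plaintext.to_vec();
        C::new(&self.enc_key, nonce).apply_keystream(&mut out);
        let tag = self.tag(nonce, &out);
        out.extend_from_slice(&tag);
        out
    }

    /// Verifies the tag before touching the ciphertext; on failure nothing
    /// derived from the keystream is ever produced.
    pub fn decrypt(&self, nonce: &[u8], data: &[u8]) -> Result<Vec<u8>, AuthError> {
        if data.len() < M::TAG_LEN {
            return Err(AuthError);
        }
        let (ciphertext, tag) = data.split_at(data.len() - M::TAG_LEN);
        if !ct_eq(&self.tag(nonce, ciphertext), tag) {
            return Err(AuthError);
        }
        let mut out = ciphertext.to_vec();
        C::new(&self.enc_key, nonce).apply_keystream(&mut out);
        Ok(out)
    }
}

/// Constant-time comparison: no early exit on the first differing byte.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

/// Constructed placeholder keystream (xorshift64): NOT a secure cipher.
pub struct ToyStream { state: u64 }
impl StreamCipher for ToyStream {
    fn new(key: &[u8], nonce: &[u8]) -> Self {
        let mut s: u64 = 0x9E37_79B9_7F4A_7C15;
        for &b in key.iter().chain(nonce) {
            s = (s ^ b as u64).wrapping_mul(0x100_0000_01B3);
        }
        ToyStream { state: s | 1 } // xorshift must not start at zero
    }
    fn apply_keystream(&mut self, buf: &mut [u8]) {
        for b in buf {
            self.state ^= self.state << 13;
            self.state ^= self.state >> 7;
            self.state ^= self.state << 17;
            *b ^= self.state as u8;
        }
    }
}

/// Constructed placeholder MAC (keyed FNV-style mixing, 8-byte tag): NOT secure.
pub struct ToyMac { state: u64 }
impl Mac for ToyMac {
    const TAG_LEN: usize = 8;
    fn new(key: &[u8]) -> Self {
        let mut m = ToyMac { state: 0xCBF2_9CE4_8422_2325 };
        m.update(key);
        m
    }
    fn update(&mut self, data: &[u8]) {
        for &b in data {
            self.state = (self.state ^ b as u64).wrapping_mul(0x100_0000_01B3).rotate_left(29);
        }
    }
    fn finalize(self) -> Vec<u8> {
        self.state.to_be_bytes().to_vec()
    }
}
```

Swapping `ToyStream`/`ToyMac` for real implementations changes nothing in `EncryptThenMac`, which is the argument for trait-level AE without AAD: a scheme that must not accept associated data (as the libInterMAC comment later in this thread notes) can be expressed against this interface without an `aad` parameter callers might misuse.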

xsalsa20poly1305 could benefit from this, as it doesn't support AAD

tarcieri avatar Aug 14 '20 15:08 tarcieri

libInterMAC provides a reference implementation for transforming AEADs into algorithms with strong security in the presence of ciphertext fragmentation https://tosc.iacr.org/index.php/ToSC/article/view/7397. This algorithm would benefit from these traits, because associated data cannot be allowed by the algorithm, otherwise it would be trivially broken in BH-sfCFA. From an API perspective this algorithm looks like authenticated encryption without associated data.

2over12 avatar Apr 25 '21 16:04 2over12