AndAlBo / draft-irtf-cfrg-aead-properties

Properties of AEAD algorithms

Some property names are too generic #18

Closed jedisct1 closed 9 months ago

jedisct1 commented 10 months ago

Some of the currently listed properties can be confusing when used in another I-D. In particular:

These generic adjectives can be used in contexts unrelated to the way they are defined in this document.

AndAlBo commented 9 months ago

It seems like there is no good way to improve that. Online and incremental AEADs are rather established terms, while for robust I couldn't find any relevant synonyms (even though 'robust' is indeed a confusing name). Luckily, two of those three were moved to the Appendix.

jedisct1 commented 9 months ago

"online" has a very different meaning in protocols, and is used interchangeably with "interactive". Even in something that specifically documents an AEAD, "this AEAD is online" is not something that can be easily written.

It would be very confusing ("does it require a cloud service and a subscription to be used?").

In implementations, APIs leveraging this property will be exposed and documented as "streaming APIs" or "incremental APIs", never "online APIs" as no one would get that terminology.

"streaming capable" would better describe that property, but doesn't sound so great. Maybe the amazing @samuel-lucas6 has some ideas?

"Robust" is well-defined in Rogaway's papers, not so much everywhere else, where it's used in a generic way to describe something that improves security.

For example, injecting the key in the finalization step of ASCON is described as a way to "improve robustness", even though it has nothing to do with Rogaway's definition.

Maybe "expandable ciphertext"?

AndAlBo commented 9 months ago

> "streaming capable" would better describe that property, but doesn't sound so great.

I was considering just "streaming" like in Streaming AEAD, but it seems that there might be the same problems as with 'online'. Since 'online' is quite popular among researchers, the new name has to be very good, but I can't think of one.

> Maybe "expandable ciphertext"?

That one perfectly describes what robust AE does functionally, but it loses the shade of security variability of RAE. It should be something like 'optimally secure variable ciphertext expansion AEAD', though it is too bulky.

jedisct1 commented 9 months ago

Maybe explicitly write "Robust Authenticated Encryption (RAE)", rather than just "Robust".

samuel-lucas6 commented 9 months ago

> Online and incremental AEADs are rather established terms, while for robust I couldn't find any relevant synonyms (even though 'robust' is indeed a confusing name).

I agree with both of you. They're established terms, but people keep using the words to mean different things within and outside cryptography. As another example, online authenticated encryption (OAE) is not the same as an AEAD being online.

> "streaming capable" would better describe that property, but doesn't sound so great. Maybe the amazing @samuel-lucas6 has some ideas?

Rogaway has referred to it as On-line, and I think that was the original spelling of the property. Nobody spells online like that, so that sort of differentiates it, although people could think you're just writing online weirdly.

Perhaps Streamable? As opposed to Streaming AEAD, which is not a property. At least the two words are different compared to OAE.

> Maybe explicitly write "Robust Authenticated Encryption (RAE)", rather than just "Robust".

I think this would be better. Robust/robustness are used all over the place.

> In implementations, APIs leveraging this property will be exposed and documented as "streaming APIs" or "incremental APIs"

If going with the above, it might make sense to say Incremental Authenticated Encryption. I'm not sure how you'd get around the incremental API overlap. Maybe Incrementality? 'An AEAD has Incrementality if...'.

AndAlBo commented 9 months ago

> Rogaway has referred to it as On-line, and I think that was the original spelling of the property.

Oh, that's very interesting, thanks! However, I agree that no one would likely notice that difference, especially in the draft context.

> Perhaps Streamable?

I guess this is the best option. I see the point in renaming 'online,' so let it be so.

> Maybe explicitly write "Robust Authenticated Encryption (RAE)", rather than just "Robust".

That would be much better, yes. I will also rename 'Incremental' accordingly, as Lucas proposes. Since that section introduces new algorithm classes rather than properties explicitly, it would fit.

Frank, Lucas, thank you a lot!