tarcieri
commented
4 years ago xsalsa20poly1305 could benefit from this, as it doesn't support AAD
Open newpavlov opened 4 years ago
tarcieri
commented
4 years ago xsalsa20poly1305 could benefit from this, as it doesn't support AAD
2over12
commented
3 years ago libInterMAC provides a reference implementation for transforming AEADs into algorithms with strong security in the presence of ciphertext fragmentation https://tosc.iacr.org/index.php/ToSC/article/view/7397. This algorithm would benefit from these traits, because associated data cannot be allowed by the algorithm, otherwise it would be trivially broken in BH-sfCFA. From an API perspective this algorithm looks like authenticated encryption without associated data.
Currently we don't have traits/types for authenticated encryption (without associated data). We could implement EtM, E&M and MTE constructs generically over stream ciphers/block modes and MACs. But it's not clear if we should follow
block-modeshere and add implementations and traits into a single crait, or add AE trait(s) to theaeadcrate.