RustCrypto / traits

Collection of cryptography-related traits

Authenticated encryption (without AAD) #261

Open newpavlov opened 4 years ago

newpavlov commented 4 years ago

Currently we don't have traits/types for authenticated encryption (without associated data). We could implement EtM, E&M and MTE constructs generically over stream ciphers/block modes and MACs. But it's not clear if we should follow block-modes here and add implementations and traits into a single crate, or add AE trait(s) to the aead crate.
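
As an added illustration of the generic Encrypt-then-MAC construction mentioned above (this is not code from the issue, nor the API of the RustCrypto `cipher`, `mac` or `aead` crates), the block below sketches an `Ae` trait for authenticated encryption without associated data and an `EncryptThenMac` type generic over a stream cipher and a MAC. The `StreamCipher`, `Mac` and `Ae` trait shapes, the `EncryptThenMac` type and the `ToyStream`/`ToyMac` primitives are all hypothetical names chosen so the block compiles with no dependencies; the toy primitives are deliberately simple and are not secure.

```rust
use std::convert::TryInto;
use std::marker::PhantomData;

// Hypothetical trait shapes for this example, NOT the RustCrypto `cipher`/`mac` traits.
pub trait StreamCipher {
    const KEY_SIZE: usize; const NONCE_SIZE: usize;
    fn new(key: &[u8], nonce: &[u8]) -> Self;
    fn apply_keystream(&mut self, buf: &mut [u8]);
}
pub trait Mac {
    const KEY_SIZE: usize; const TAG_SIZE: usize;
    fn new(key: &[u8]) -> Self;
    fn update(&mut self, data: &[u8]);
    fn finalize(self) -> Vec<u8>;
}
/// Authenticated encryption without associated data: the tag covers nonce || ciphertext only.
pub trait Ae {
    fn encrypt(&self, nonce: &[u8], plaintext: &[u8]) -> Vec<u8>;
    fn decrypt(&self, nonce: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, AeError>;
}
#[derive(Debug, PartialEq)]
pub enum AeError { BadLength, BadTag }

/// Encrypt-then-MAC over any (StreamCipher, Mac) pair, keyed with enc_key || mac_key.
pub struct EncryptThenMac<C: StreamCipher, M: Mac> {
    enc_key: Vec<u8>, mac_key: Vec<u8>, _p: PhantomData<(C, M)>,
}
impl<C: StreamCipher, M: Mac> EncryptThenMac<C, M> {
    pub fn new(key: &[u8]) -> Self {
        assert_eq!(key.len(), C::KEY_SIZE + M::KEY_SIZE, "key must be enc_key || mac_key");
        let (e, m) = key.split_at(C::KEY_SIZE);
        Self { enc_key: e.to_vec(), mac_key: m.to_vec(), _p: PhantomData }
    }
    fn tag(&self, nonce: &[u8], ct: &[u8]) -> Vec<u8> {
        let mut m = M::new(&self.mac_key);
        m.update(nonce); // fixed-size nonce, so nonce || ct parses unambiguously
        m.update(ct);
        m.finalize()
    }
}
/// Constant-time tag comparison: no early exit on the first differing byte.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |d, (x, y)| d | (x ^ y)) == 0
}
impl<C: StreamCipher, M: Mac> Ae for EncryptThenMac<C, M> {
    fn encrypt(&self, nonce: &[u8], plaintext: &[u8]) -> Vec<u8> {
        assert_eq!(nonce.len(), C::NONCE_SIZE);
        let mut out = plaintext.to_vec();
        C::new(&self.enc_key, nonce).apply_keystream(&mut out);
        let tag = self.tag(nonce, &out);
        out.extend_from_slice(&tag);
        out // ciphertext || tag
    }
    fn decrypt(&self, nonce: &[u8], ciphertext: &[u8]) -> Result<Vec<u8>, AeError> {
        if nonce.len() != C::NONCE_SIZE || ciphertext.len() < M::TAG_SIZE { return Err(AeError::BadLength); }
        let (ct, tag) = ciphertext.split_at(ciphertext.len() - M::TAG_SIZE);
        // Verify before decrypting: a forged or damaged message never releases plaintext.
        if !ct_eq(&self.tag(nonce, ct), tag) { return Err(AeError::BadTag); }
        let mut out = ct.to_vec();
        C::new(&self.enc_key, nonce).apply_keystream(&mut out);
        Ok(out)
    }
}

// Toy primitives so the composition runs offline. NOT secure: a real instantiation
// would use a ChaCha20-style cipher and a Poly1305- or HMAC-style MAC.
pub struct ToyStream { state: u64 }
impl StreamCipher for ToyStream {
    const KEY_SIZE: usize = 8; const NONCE_SIZE: usize = 8;
    fn new(key: &[u8], nonce: &[u8]) -> Self {
        let (k, n) = (u64::from_le_bytes(key.try_into().unwrap()), u64::from_le_bytes(nonce.try_into().unwrap()));
        ToyStream { state: (k ^ n.rotate_left(32)) | 1 } // xorshift must not start at 0
    }
    fn apply_keystream(&mut self, buf: &mut [u8]) {
        for chunk in buf.chunks_mut(8) {
            let mut x = self.state;
            x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
            self.state = x;
            let ks = x.wrapping_mul(0x2545F4914F6CDD1D).to_le_bytes();
            for (b, k) in chunk.iter_mut().zip(ks.iter()) { *b ^= k; }
        }
    }
}
pub struct ToyMac { h: u64 }
impl Mac for ToyMac {
    const KEY_SIZE: usize = 8; const TAG_SIZE: usize = 8;
    fn new(key: &[u8]) -> Self { ToyMac { h: 0xcbf29ce484222325 ^ u64::from_le_bytes(key.try_into().unwrap()) } }
    fn update(&mut self, data: &[u8]) { for &b in data { self.h = (self.h ^ b as u64).wrapping_mul(0x100000001b3); } }
    fn finalize(self) -> Vec<u8> { self.h.to_le_bytes().to_vec() }
}

fn main() {
    let ae = EncryptThenMac::<ToyStream, ToyMac>::new(&[7u8; 16]);
    let nonce = [1u8; 8];
    let sealed = ae.encrypt(&nonce, b"attack at dawn");
    println!("ciphertext || tag: {:02x?}", sealed);
    println!("decrypt:  {:?}", ae.decrypt(&nonce, &sealed));
    let mut tampered = sealed.clone(); tampered[0] ^= 1;
    println!("tampered: {:?}", ae.decrypt(&nonce, &tampered));
}
```

The points the composition has to get right regardless of which primitives are plugged in: the encryption and MAC keys are independent, the tag is checked in constant time and before any keystream is applied, and because there is no AAD the tag binds exactly nonce || ciphertext and nothing else. Swapping `ToyStream`/`ToyMac` for real primitives changes nothing in `EncryptThenMac`, which is the property a shared AE trait would let the crates rely on.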

tarcieri commented 4 years ago

xsalsa20poly1305 could benefit from this, as it doesn't support AAD

2over12 commented 3 years ago

libInterMAC provides a reference implementation for transforming AEADs into algorithms with strong security in the presence of ciphertext fragmentation https://tosc.iacr.org/index.php/ToSC/article/view/7397. This algorithm would benefit from these traits, because associated data cannot be allowed by the algorithm, otherwise it would be trivially broken in BH-sfCFA. From an API perspective this algorithm looks like authenticated encryption without associated data.