Package com.google.crypto.tink

Interface DeterministicAead

  • All Known Implementing Classes:
    AesSiv, LegacyFullDeterministicAead
    public interface DeterministicAead
    Interface for Deterministic Authenticated Encryption with Associated Data (Deterministic AEAD).

    For why this interface is desirable and some of its use cases, see for example RFC 5297 section 1.3.

    Warning

    Unlike Aead, implementations of this interface are not semantically secure, because encrypting the same plaintex always yields the same ciphertext.

    Security guarantees

    Implementations of this interface provide 128-bit security level against multi-user attacks with up to 2^32 keys. That means if an adversary obtains 2^32 ciphertexts of the same message encrypted under 2^32 keys, they need to do 2^128 computations to obtain a single key.

    Encryption with associated data ensures authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy. (see RFC 5116)

    Since:
    1.1.0

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      byte[] decryptDeterministically​(byte[] ciphertext, byte[] associatedData)
      Deterministically decrypts ciphertext with associatedData as associated authenticated data.
      byte[] encryptDeterministically​(byte[] plaintext, byte[] associatedData)
      Deterministically encrypts plaintext with associatedData as associated authenticated data.

    • Method Detail

      • encryptDeterministically

        byte[] encryptDeterministically​(byte[] plaintext,
                                byte[] associatedData)
                         throws java.security.GeneralSecurityException
        Deterministically encrypts plaintext with associatedData as associated authenticated data.

        Warning

        Encrypting the same plaintext multiple times protects the integrity of that plaintext, but confidentiality is compromised to the extent that an attacker can determine that the same plaintext was encrypted.

        The resulting ciphertext allows for checking authenticity and integrity of associated data (associatedData), but does not guarantee its secrecy.

        Returns:
        resulting ciphertext
        Throws:
        java.security.GeneralSecurityException

      • decryptDeterministically

        byte[] decryptDeterministically​(byte[] ciphertext,
                                byte[] associatedData)
                         throws java.security.GeneralSecurityException
        Deterministically decrypts ciphertext with associatedData as associated authenticated data.

        The decryption verifies the authenticity and integrity of the associated data, but there are no guarantees wrt. secrecy of that data.

        Returns:
        resulting plaintext
        Throws:
        java.security.GeneralSecurityException