Trait tink_core::DeterministicAead

source ·

pub trait DeterministicAead: DeterministicAeadBoxClone {
    // Required methods
    fn encrypt_deterministically(
        &self,
        plaintext: &[u8],
        additional_data: &[u8]
    ) -> Result<Vec<u8>, TinkError>;
    fn decrypt_deterministically(
        &self,
        ciphertext: &[u8],
        additional_data: &[u8]
    ) -> Result<Vec<u8>, TinkError>;
}

Expand description

DeterministicAead is the interface for deterministic authenticated encryption with associated data.

Warning

Unlike AEAD, implementations of this trait are not semantically secure, because encrypting the same plaintext always yields the same ciphertext.

Implementations of this trait provide 128-bit security level against multi-user attacks with up to 2^32 keys. That means if an adversary obtains 2^32 ciphertexts of the same message encrypted under 2^32 keys, they need to do 2^128 computations to obtain a single key.

Encryption with associated data ensures authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy.

References

Required Methods§

source

fn encrypt_deterministically( &self, plaintext: &[u8], additional_data: &[u8] ) -> Result<Vec<u8>, TinkError>

Deterministical encrypt plaintext with additional_data as additional authenticated data. The resulting ciphertext allows for checking authenticity and integrity of additional data additional_data, but there are no guarantees wrt. secrecy of that data.

source

fn decrypt_deterministically( &self, ciphertext: &[u8], additional_data: &[u8] ) -> Result<Vec<u8>, TinkError>

Deterministically decrypt ciphertext with additional_data as additional authenticated data. The decryption verifies the authenticity and integrity of the additional data, but there are no guarantees wrt. secrecy of that data.

Trait Implementations§

source §

impl From<Primitive> for Box<dyn DeterministicAead>