Trait tink_core::DeterministicAead

pub trait DeterministicAead: DeterministicAeadBoxClone {
    pub fn encrypt_deterministically(
        &self, 
        plaintext: &[u8], 
        additional_data: &[u8]
    ) -> Result<Vec<u8>, TinkError>;
    pub fn decrypt_deterministically(
        &self, 
        ciphertext: &[u8], 
        additional_data: &[u8]
    ) -> Result<Vec<u8>, TinkError>;
}

DeterministicAead is the interface for deterministic authenticated encryption with associated data.

Warning

Unlike AEAD, implementations of this trait are not semantically secure, because encrypting the same plaintex always yields the same ciphertext.

Security guarantees

Implementations of this trait provide 128-bit security level against multi-user attacks with up to 2^32 keys. That means if an adversary obtains 2^32 ciphertexts of the same message encrypted under 2^32 keys, they need to do 2^128 computations to obtain a single key.

Encryption with associated data ensures authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy.

References

• [RFC 5116](https://tools.ietf.org/html/rfc5116_
• RFC 5297 s1.3

Required methods

pub fn encrypt_deterministically(
    &self,
    plaintext: &[u8],
    additional_data: &[u8]
) -> Result<Vec<u8>, TinkError>

pub fn decrypt_deterministically(
    &self,
    ciphertext: &[u8],
    additional_data: &[u8]
) -> Result<Vec<u8>, TinkError>

Loading content...

Implementors

Loading content...