public interface DeterministicAead
For why this interface is desirable and some of its use cases, see for example RFC 5297 section 1.3.
Unlike Aead, implementations of this interface are not semantically secure, because
encrypting the same plaintex always yields the same ciphertext.
Implementations of this interface provide 128-bit security level against multi-user attacks with up to 2^32 keys. That means if an adversary obtains 2^32 ciphertexts of the same message encrypted under 2^32 keys, they need to do 2^128 computations to obtain a single key.
Encryption with associated data ensures authenticity (who the sender is) and integrity (the data has not been tampered with) of that data, but not its secrecy. (see RFC 5116)
| Modifier and Type | Method and Description |
|---|---|
byte[] |
decryptDeterministically(byte[] ciphertext,
byte[] associatedData)
Deterministically decrypts
ciphertext with associatedData as associated
authenticated data. |
byte[] |
encryptDeterministically(byte[] plaintext,
byte[] associatedData)
Deterministically encrypts
plaintext with associatedData as associated
authenticated data. |
byte[] encryptDeterministically(byte[] plaintext,
byte[] associatedData)
throws GeneralSecurityException
plaintext with associatedData as associated
authenticated data.
Warning
Encrypting the same plaintext multiple times protects the integrity of that
plaintext, but confidentiality is compromised to the extent that an attacker can determine that
the same plaintext was encrypted.
The resulting ciphertext allows for checking authenticity and integrity of associated data
(associatedData), but does not guarantee its secrecy.
GeneralSecurityExceptionbyte[] decryptDeterministically(byte[] ciphertext,
byte[] associatedData)
throws GeneralSecurityException
ciphertext with associatedData as associated
authenticated data.
The decryption verifies the authenticity and integrity of the associated data, but there are no guarantees wrt. secrecy of that data.
GeneralSecurityException