Talk:Authenticated encryption

From Wikipedia, the free encyclopedia
Jump to: navigation, search

This article is pretty lame. It probably needs to be improved, since other articles, such as Block cipher modes of operation, link to it.


From Block cipher modes of operation: ... After observing that compositing a confidentiality mode with a authenticity mode could be difficult and error prone, the cryptographic community began to supply modes which combined confidentiality and data integrity into a single cryptographic primitive. The modes are referred to as authenticated encryption, AE, and authenc. Examples of authenticated encryption modes are CCM (SP800-38C), GCM (SP800-38D), CWC, EAX, IAPM, and OCB.

May 2002[edit]

Patents can be a bear for me because I'm not always aware of the minor legal issues. But I think this is one of the earliest Authenticated Encryption modes: US2003/0223585 A1, "Method and Apparatus for Performing Encryption and Authentication", May 2002 by Tardo and Matthews. It appears they perform the single pass operation (see the methods accompanying Figure 7), but it also appears that Authenticate and Encrypt (A&E) is performed. According to Krawczyk, A&E is insecure but I don't think it affects the legal standing of the "single pass" innovation.

May 2003[edit]

Kohno, Viega, Whiting, "CWC: A High-Performance Conventional Authenticated Encryption Mode", IACR, May 2003 (

December 2003[edit]

Jutla, "Encryption Modes with Almost Free Message Integrity", Journal of Cryptography, December 2003 (