AEAD (Authenticated Encryption with Associated Data).

A symmetric encryption primitive that provides confidentiality, integrity, and authenticity in one operation, with the ability to bind unencrypted 'associated data' (headers, routing info) to the ciphertext's authentication tag. Относится к категории Криптография в кибербезопасности.

A symmetric encryption primitive that provides confidentiality, integrity, and authenticity in one operation, with the ability to bind unencrypted 'associated data' (headers, routing info) to the ciphertext's authentication tag.

Authenticated Encryption with Associated Data (AEAD) is the modern building block of symmetric cryptography. An AEAD scheme takes a key, a nonce, a plaintext, and arbitrary associated data (AD) and produces a ciphertext plus an authentication tag; on decryption it returns the plaintext only if the tag verifies, otherwise refusing. The associated data is authenticated but not encrypted, letting protocols bind unencrypted context such as packet headers, sequence numbers, or version metadata to the ciphertext without ever sending them encrypted. Compared to encrypt-then-MAC or MAC-then-encrypt compositions, AEAD eliminates whole classes of bugs (padding oracles, key reuse across MAC and cipher, ordering mistakes) and is what every modern protocol — TLS 1.3, QUIC, IPsec ESP-GCM, Signal, Noise, WireGuard, JWE — uses. The dominant AEAD schemes are AES-GCM and ChaCha20-Poly1305; nonce-misuse-resistant variants (AES-GCM-SIV) exist for use cases where the caller cannot guarantee unique nonces. Always prefer an AEAD over a homebrew encrypt-and-MAC composition.

Защита от AEAD (Authenticated Encryption with Associated Data) обычно сочетает технические меры и операционные практики, как описано в определении выше.

Распространённые альтернативные названия: Authenticated encryption, AEAD scheme.