RFC 5116 - An Interface and Algorithms for Authenticated Encryption

Network Working Group
Request for Comments: 5116
Category: Standards Track
D. McGrew
Cisco Systems, Inc.
January 2008

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Abstract

This document defines algorithms for Authenticated Encryption with Associated Data (AEAD), and defines a uniform interface and a registry for such algorithms. The interface and registry can be used as an application-independent set of cryptoalgorithm suites. This approach provides advantages in efficiency and security, and promotes the reuse of crypto implementations.

Contents

• 1. Introduction
  • 1.1. Background
  • 1.2. Scope
  • 1.3. Benefits
  • 1.4. Conventions Used in This Document
• 2. AEAD Interface
  • 2.1. Authenticated Encryption
  • 2.2. Authenticated Decryption
  • 2.3. Data Formatting
• 3. Guidance on the Use of AEAD Algorithms
  • 3.1. Requirements on Nonce Generation
  • 3.2. Recommended Nonce Formation
    • 3.2.1. Partially Implicit Nonces
  • 3.3. Construction of AEAD Inputs
  • 3.4. Example Usage
• 4. Requirements on AEAD Algorithm Specifications
• 5. AEAD Algorithms
  • 5.1. AEAD_AES_128_GCM
    • 5.1.1. Nonce Reuse
  • 5.2. AEAD_AES_256_GCM
  • 5.3. AEAD_AES_128_CCM
    • 5.3.1. Nonce Reuse
  • 5.4. AEAD_AES_256_CCM
• 6. IANA Considerations
• 7. Other Considerations
• 8. Security Considerations
• 9. Acknowledgments
• 10. References
  • 10.1. Normative References
  • 10.2. Informative References
• Author's Address
• Full Copyright Statement
• Intellectual Property