For why this interface is desirable and some of its use cases, see for example RFC 5297 section 1.3. * *
Unlike {@link Aead}, implementations of this interface are not semantically secure, because * encrypting the same plaintex always yields the same ciphertext. * *
Implementations of this interface provide 128-bit security level against multi-user attacks * with up to 2^32 keys. That means if an adversary obtains 2^32 ciphertexts of the same message * encrypted under 2^32 keys, they need to do 2^128 computations to obtain a single key. * *
Encryption with associated data ensures authenticity (who the sender is) and integrity (the * data has not been tampered with) of that data, but not its secrecy. (see RFC 5116) * * @since 1.1.0 */ public interface DeterministicAead { /** * Deterministically encrypts {@code plaintext} with {@code associatedData} as associated * authenticated data. * *
Warning * *
Encrypting the same {@code plaintext} multiple times protects the integrity of that * plaintext, but confidentiality is compromised to the extent that an attacker can determine that * the same plaintext was encrypted. * *
The resulting ciphertext allows for checking authenticity and integrity of associated data * ({@code associatedData}), but does not guarantee its secrecy. * * @return resulting ciphertext */ byte[] encryptDeterministically(final byte[] plaintext, final byte[] associatedData) throws GeneralSecurityException; /** * Deterministically decrypts {@code ciphertext} with {@code associatedData} as associated * authenticated data. * *
The decryption verifies the authenticity and integrity of the associated data, but there are * no guarantees wrt. secrecy of that data. * * @return resulting plaintext */ byte[] decryptDeterministically(final byte[] ciphertext, final byte[] associatedData) throws GeneralSecurityException; }