15
Authenticated Encryption
In the previous chapter, we learned about block ciphers, including the popular AES algorithm, which was standardized by NIST in 2001 and is the workhorse of bulk data encryption on the internet. We also covered the most popular modes of operation of block ciphers.
In this chapter, we will study an advanced concept called Authenticated Encryption with Additional Data (AEAD) that is closely linked to modes of operation. AEAD is a fundamental technique used to protect the TLS Record protocol data in TLS 1.3. Unlike the modes of operation discussed in the previous chapter, AEAD combines encryption and message authentication within a single cryptographic algorithm. As a result, in TLS 1.3, AEAD ensures both the confidentiality and the authenticity of ciphertexts transmitted by Alice and Bob.
Note that earlier versions of TLS use a different scheme to ensure confidentiality and authenticity, namely MAC-then-encrypt (see Section 15.2.2, MAC-then-encrypt, in this...