Blockchain & Cryptocurrency Glossary

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

  • search-icon Clear Definitions
  • search-icon Practical
  • search-icon Technical
  • search-icon Related Terms

Authenticated Encryption with Associated Data

1 min read
Pronunciation
[aw-then-ti-key-tid en-krip-shuhn with uh-soh-see-ey-tid dey-tuh]
Analogy
Imagine sending your secret message in the special tamper-proof, sealed envelope (authenticated encryption). With AEAD, you can also write some public information on the *outside* of the envelope (like a header or routing information) and the recipient can verify that this public information hasn't been tampered with either, even though it wasn't secret.
Definition
A type of authenticated encryption that not only ensures confidentiality, integrity, and authenticity for the encrypted message (plaintext), but also provides integrity and authenticity for additional, unencrypted data (associated data).
Key Points Intro
AEAD extends authenticated encryption to protect the integrity of non-confidential associated data alongside the confidential plaintext.
Key Points

Provides confidentiality for the plaintext.

Provides integrity and authenticity for both the plaintext and the associated data (AD or AAD).

The associated data is authenticated but not encrypted, meaning it remains readable.

Useful for network protocols where some header information needs to be public but also protected from modification.

Most modern authenticated encryption modes (e.g., AES-GCM, ChaCha20-Poly1305) are actually AEAD schemes.

Example
In a secure network packet, the payload (actual data) might be encrypted and authenticated. The packet header (containing source/destination IP addresses, port numbers, etc.) is not encrypted (it's needed for routing) but can be included as associated data in an AEAD scheme. This ensures that an attacker cannot modify the header fields without the recipient detecting the tampering.
Technical Deep Dive
AEAD schemes take a key, a nonce, plaintext, and associated data as input. They output ciphertext and an authentication tag. The tag is computed over both the plaintext and the associated data. During decryption, the recipient provides the key, nonce, ciphertext, associated data, and the received tag. The scheme recomputes the tag and verifies it. If verification fails, the ciphertext is rejected. The associated data can be empty if not needed.
Security Warning
As with general Authenticated Encryption, nonce uniqueness for a given key is critical for AEAD schemes. Reusing a nonce can compromise security. The associated data is only integrity-protected, not confidentiality-protected.
Related Terms
AEAD
Authenticated Encryption
Encryption
Nonce

Authenticated Encryption with Associated Data - Related Articles

No related articles for this term.