AEAD Comparison

From Crypto++ Wiki
Jump to navigation Jump to search

In 2004, Dr. David Wagner presented a paper at IACR which discussed 4th generation authenticated encryption modes such as CCM, GCM, EAX, and CWC. In addition, a presentation was offered which included a Compare and Contrast of the modes. The slide below was shamelessly taken from Dr. Wagner's presentation.

The "unpatented" row was important because OCB was patented by Dr. Rogaway. Around 2013 Dr. Rogaway released OCB mode to public domain. The row is not important nowadays.

OCB is still the gold standard in AEAD schemes because it is a "single pass" mode. The data is consumed once, and it is both encrypted and authenticated at the same time. That was the novelty for the patent. The modes in the chart below are all "two pass" to avoid the Rogaway patent. The modes in the chart process the data twice - once for encryption and once for authentication.

Comparison of AEAD modes of operation

Retrieved from "https://www.cryptopp.com/w/index.php?title=AEAD_Comparison&oldid=29507"