SIV misuse-resistant AEAD
E437869
SIV misuse-resistant AEAD is a cryptographic scheme designed to provide authenticated encryption that remains secure even when nonces are misused or repeated.
All labels observed (2)
| Label | Occurrences |
|---|---|
| AES-GCM-SIV | 1 |
| SIV misuse-resistant AEAD canonical | 1 |
How this entity was disambiguated
This entity first appeared as the object of triple T4405003 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: SIV misuse-resistant AEAD Context triple: [Phillip Rogaway, notableWork, SIV misuse-resistant AEAD]
-
A.
Spritz cipher
Spritz cipher is a modern stream cipher and hash function designed by Ronald Rivest and Jacob Schuldt as a more secure and flexible successor to RC4.
-
B.
Carter–Wegman MACs
Carter–Wegman MACs are a family of message authentication codes that use universal hashing combined with a secret key to provide efficient and provably secure authentication.
-
C.
XChaCha20-Poly1305 AEAD construction
XChaCha20-Poly1305 AEAD construction is an authenticated encryption scheme that extends ChaCha20-Poly1305 with a longer nonce for improved security and robustness against nonce reuse.
-
D.
AES-GCM
AES-GCM is an authenticated encryption mode of the Advanced Encryption Standard that provides both data confidentiality and integrity, widely used in modern network and security protocols.
-
E.
Salsa20
Salsa20 is a high-speed stream cipher designed by Daniel J. Bernstein, widely used in modern cryptography for its strong security and efficient software performance.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: SIV misuse-resistant AEAD Target entity description: SIV misuse-resistant AEAD is a cryptographic scheme designed to provide authenticated encryption that remains secure even when nonces are misused or repeated.
-
A.
Spritz cipher
Spritz cipher is a modern stream cipher and hash function designed by Ronald Rivest and Jacob Schuldt as a more secure and flexible successor to RC4.
-
B.
Carter–Wegman MACs
Carter–Wegman MACs are a family of message authentication codes that use universal hashing combined with a secret key to provide efficient and provably secure authentication.
-
C.
XChaCha20-Poly1305 AEAD construction
XChaCha20-Poly1305 AEAD construction is an authenticated encryption scheme that extends ChaCha20-Poly1305 with a longer nonce for improved security and robustness against nonce reuse.
-
D.
AES-GCM
AES-GCM is an authenticated encryption mode of the Advanced Encryption Standard that provides both data confidentiality and integrity, widely used in modern network and security protocols.
-
E.
Salsa20
Salsa20 is a high-speed stream cipher designed by Daniel J. Bernstein, widely used in modern cryptography for its strong security and efficient software performance.
- F. None of above. chosen
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
authenticated encryption with associated data scheme
ⓘ
misuse-resistant AEAD scheme ⓘ |
| advantageOver | traditional AEAD when nonces are repeated ⓘ |
| basedOn |
block cipher primitive
ⓘ
pseudorandom function ⓘ |
| comparedTo | standard AEAD modes like AES-GCM ⓘ |
| component |
PRF-based synthetic IV computation
ⓘ
counter-mode encryption or similar stream-like encryption ⓘ |
| definedIn | RFC 5297 NERFINISHED ⓘ |
| designFeature |
computes IV as a function of key, plaintext, and associated data
ⓘ
does not require unique nonces for security guarantees ⓘ encryption becomes deterministic for fixed key, plaintext, and associated data ⓘ |
| hasMode |
AES-GCM-SIV
NERFINISHED
ⓘ
AES-SIV NERFINISHED ⓘ |
| hasProperty |
deterministic encryption
ⓘ
nonce-misuse resistant ⓘ provides ciphertext integrity ⓘ provides plaintext authenticity ⓘ resists nonce reuse attacks on confidentiality ⓘ resists nonce reuse attacks on integrity ⓘ supports associated data ⓘ |
| introducedBy |
Phillip Rogaway
NERFINISHED
ⓘ
Thomas Shrimpton NERFINISHED ⓘ |
| introducedInPublication | Deterministic Authenticated-Encryption: A Provable-Security Treatment of the Key-Wrap Problem NERFINISHED ⓘ |
| introducedInYear | 2006 ⓘ |
| limitation |
ciphertexts are not semantically secure against multi-target attacks if plaintexts repeat
ⓘ
determinism can reveal equality of plaintexts under same key and associated data ⓘ |
| relatedConcept |
deterministic authenticated encryption
ⓘ
key wrap algorithms ⓘ nonce-based AEAD ⓘ |
| requires |
secret key
ⓘ
unique key for security proofs ⓘ |
| securityGoal |
authenticated encryption under nonce misuse
ⓘ
confidentiality of plaintext ⓘ integrity of associated data ⓘ integrity of ciphertext ⓘ |
| securityModel |
IND-CPA-like confidentiality under nonce misuse
ⓘ
INT-CTXT-like integrity under nonce misuse ⓘ provable security under standard cryptographic assumptions ⓘ |
| standardizedAs |
AES-GCM-SIV in RFC 8452
NERFINISHED
ⓘ
AES-SIV in RFC 5297 NERFINISHED ⓘ |
| tradeOff | higher computational cost than non-misuse-resistant AEAD ⓘ |
| useCase |
environments where nonce uniqueness cannot be reliably guaranteed
ⓘ
key wrapping ⓘ protocols with weak or stateful nonce management ⓘ storage encryption ⓘ |
| usesConstruction |
MAC-then-encrypt style design
ⓘ
synthetic IV ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: SIV misuse-resistant AEAD Description of subject: SIV misuse-resistant AEAD is a cryptographic scheme designed to provide authenticated encryption that remains secure even when nonces are misused or repeated.
Referenced by (2)
Full triples — surface form annotated when it differs from this entity's canonical label.