I want to bind ciphertext to its context
Modern encryption modes support associated data, which is authenticated but
not encrypted. This can be used to bind a ciphertext to a specific context.
Examples of binding ciphertext to associated data include:
Encrypting a database cell-by-cell (or column-by-column). This ensures the
cell's ciphertext is only valid in that specific cell. This prevents the
attacker from moving the ciphertext from one cell to another. In this example,
the ciphertext should be bound to the column_id and row_id for the given
database cell.
Storing ciphertexts in different clients lets you detect misbehavior if
Client A provides Client B's ciphertext for decryption. Here, the ciphertext
should be bound to the client's name.
Tink has several options for binding ciphertext to its context:
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-11-14 UTC.
[null,null,["Last updated 2024-11-14 UTC."],[[["Modern encryption techniques can authenticate additional data without encrypting it, ensuring data integrity and context."],["This \"associated data\" links ciphertext to its specific location or user, preventing unauthorized use or manipulation."],["Tink offers multiple encryption options, including AEAD, Streaming AEAD, Deterministic AEAD, and Hybrid Encryption, that support binding ciphertext to its context for enhanced security."],["Developers can utilize associated data to prevent attacks like ciphertext movement or unauthorized decryption by ensuring the ciphertext remains tied to its intended context."]]],["Encryption modes utilize associated data to authenticate but not encrypt, binding ciphertexts to specific contexts. This prevents ciphertext misuse. Examples include binding database cell data to `column_id` and `row_id` or binding data to a client's name. Tink offers this functionality through AEAD, Streaming AEAD, Deterministic AEAD with an associated data input and Hybrid encryption with a context info parameter. Decryption fails if the correct associated data is not provided.\n"]]
