Inferensys

Glossary

AEAD

Authenticated Encryption with Associated Data, a cryptographic primitive that simultaneously provides confidentiality, integrity, and authenticity for a message and its context.
Data scientist building training data pipeline on laptop, data preprocessing visible, technical workspace.
CRYPTOGRAPHIC PRIMITIVE

What is AEAD?

Authenticated Encryption with Associated Data (AEAD) is a cryptographic primitive that simultaneously provides confidentiality, integrity, and authenticity for a message and its context.

AEAD is a form of encryption that combines a symmetric cipher with a Message Authentication Code (MAC) in a single, secure operation. It encrypts the plaintext to provide confidentiality and generates an authentication tag to verify integrity and authenticity. Crucially, it binds unencrypted metadata—the 'associated data'—to the ciphertext, ensuring that contextual information like network headers cannot be tampered with without detection.

Modern AEAD algorithms like AES-GCM and ChaCha20-Poly1305 are the standard for secure network protocols such as TLS 1.3 and QUIC. Unlike older encrypt-then-MAC constructions, AEAD modes are designed to prevent subtle implementation errors. The authentication tag is verified before any plaintext is released, eliminating padding oracle attacks and ensuring that an agent receiving a message can cryptographically confirm it has not been modified or replayed.

CRYPTOGRAPHIC PRIMITIVES

Key Properties of AEAD Ciphers

Authenticated Encryption with Associated Data (AEAD) provides a unified construction that simultaneously guarantees confidentiality, integrity, and authenticity. These properties are non-negotiable for secure inter-agent communication.

01

Confidentiality

Ensures the plaintext remains secret from unauthorized parties. AEAD ciphers use symmetric encryption algorithms like AES-GCM or ChaCha20-Poly1305 to render the message unintelligible to any observer who does not possess the shared secret key. The ciphertext reveals no information about the original plaintext, protecting sensitive agent payloads during transit.

02

Integrity

Guarantees that the ciphertext has not been tampered with in transit. AEAD appends a Message Authentication Code (MAC) generated during encryption. Upon decryption, the MAC is recomputed and verified. If a single bit has been flipped or modified by an adversary, the verification fails, and the ciphertext is rejected outright.

03

Authenticity

Cryptographically verifies the origin of the message. Because the MAC is computed using a symmetric key known only to the communicating parties, a valid tag proves the sender possessed the secret key. This prevents agent impersonation attacks where a rogue service attempts to inject commands into an agent mesh network.

04

Associated Data Binding

Binds metadata to the encrypted payload. Associated Data (AD)—such as message headers, routing information, or protocol version numbers—is authenticated but not encrypted. This prevents attackers from splicing a valid ciphertext into a different context or replaying it with modified headers, a critical defense against context confusion attacks.

05

Nonce-Based Uniqueness

Requires a unique initialization vector (nonce) per encryption operation under the same key. Reusing a nonce with AES-GCM is catastrophic, completely breaking the authentication security. Implementations must use a counter or cryptographically random nonce to ensure deterministic safety, often leveraging SPIFFE-issued workload identities for key rotation.

06

All-or-Nothing Decryption

Prevents the release of unauthenticated plaintext. Unlike traditional encrypt-then-MAC constructions, AEAD ciphers do not output any decrypted data until the authentication tag is fully verified. This eliminates padding oracle attacks and other side-channel vulnerabilities that arise from processing malicious ciphertext before integrity is confirmed.

AEAD PRIMER

Frequently Asked Questions

Essential questions and answers about Authenticated Encryption with Associated Data, the cryptographic primitive that underpins secure inter-agent communication.

AEAD, or Authenticated Encryption with Associated Data, is a cryptographic primitive that simultaneously provides confidentiality, integrity, and authenticity for a message. It encrypts the plaintext to produce ciphertext while also generating an authentication tag that verifies the ciphertext has not been tampered with. Crucially, AEAD binds associated data—metadata like headers, sender identity, or session context—to the encrypted message. This associated data is authenticated but not encrypted, allowing routers and proxies to inspect it without decryption. The decryption operation will fail if any bit of the ciphertext or associated data is altered, preventing chosen-ciphertext attacks. Common constructions include AES-GCM, ChaCha20-Poly1305, and AES-OCB, each combining a block or stream cipher with a message authentication code in a provably secure composition.

CRYPTOGRAPHIC PRIMITIVES

Common AEAD Cipher Examples

Several widely deployed algorithms provide Authenticated Encryption with Associated Data. Each offers distinct performance profiles, security margins, and hardware acceleration support, making them suitable for different inter-agent communication architectures.

01

AES-GCM

The most widely adopted AEAD cipher, combining the Advanced Encryption Standard (AES) block cipher in Galois/Counter Mode. It provides high throughput, especially on modern x86 and ARM processors with AES-NI and CLMUL instruction sets.

  • Operation: Encrypts plaintext in counter mode, then computes a GHASH-based authentication tag over the ciphertext and associated data.
  • Standardization: NIST SP 800-38D.
  • Critical Constraint: Catastrophic failure if a nonce is ever reused with the same key. A 96-bit nonce is standard.
96-bit
Standard Nonce Length
128-bit
Authentication Tag
02

ChaCha20-Poly1305

A high-speed AEAD cipher designed for software implementations without dedicated hardware acceleration. It combines the ChaCha20 stream cipher with the Poly1305 one-time authenticator.

  • Operation: A ChaCha20 block generates a key stream for encryption and a one-time Poly1305 key. Poly1305 then authenticates the ciphertext and associated data.
  • Standardization: IETF RFC 8439.
  • Key Advantage: Constant-time software implementation resistant to cache-timing attacks, making it ideal for mobile agents and edge devices.
256-bit
Key Size
96-bit
Nonce
03

AES-CCM

A combined encryption and authentication mode using AES in Counter with CBC-MAC (CCM). It uses the same block cipher key for both operations, simplifying key management but requiring two AES passes per block.

  • Operation: First computes a CBC-MAC over the associated data and plaintext, then encrypts the plaintext and MAC in counter mode.
  • Standardization: NIST SP 800-38C.
  • Use Case: Common in constrained IoT and IEEE 802.11i (WPA2) protocols where code size is a primary concern and throughput demands are lower.
2x
AES Passes per Block
128-bit
Block Size
04

AEGIS-128L

A high-performance AEAD cipher built from the AES round function, offering exceptional speed on CPUs with vector AES instructions. It processes multiple blocks in parallel, significantly outperforming AES-GCM on modern server hardware.

  • Operation: Uses a state of five 128-bit registers updated with AES rounds, encrypting plaintext and generating an authentication tag in a single pass.
  • Standardization: Finalist in the NIST lightweight cryptography competition and specified in IETF RFC 9472.
  • Advantage: Provides forgery security beyond the birthday bound, unlike GCM's GHASH.
128-bit
Security Level
256-bit
Tag Size
05

OCB3

An offset codebook mode that provides authenticated encryption in a single pass over the data, offering optimal efficiency with minimal ciphertext expansion. It is heavily patented, which historically limited open-source adoption.

  • Operation: Uses a block cipher to encrypt plaintext blocks with a nonce-dependent offset, then computes a tag from a checksum of the plaintext.
  • Standardization: ISO/IEC 19772.
  • Efficiency: Requires only one block cipher invocation per block of plaintext plus one extra for tag finalization, making it theoretically optimal for single-pass AE.
1
Passes per Block
Variable
Tag Length
CRYPTOGRAPHIC PRIMITIVE COMPARISON

AEAD vs. Other Encryption Approaches

Comparing Authenticated Encryption with Associated Data against confidentiality-only and non-authenticated encryption schemes across critical security properties.

FeatureAEADEncrypt-then-MACCBC ModeCTR Mode

Confidentiality

Integrity

Authenticity

Associated Data Binding

Resistant to Padding Oracle

Resistant to Chosen Ciphertext

Single Primitive Construction

Typical Overhead

16 bytes

32-48 bytes

16 bytes

16 bytes

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.