AEAD (Authenticated Encryption with Associated Data)

Description

AEAD is a variant of AE (Authenticated Encryption) where the data to be encrypted needs both authentication and integrity, as opposed to just integrity.

* Authenticated encryption schemes can recognize improperly-constructed ciphertexts and refuse to decrypt them.

AEAD ciphers currently supported by shadowsocks (as of 2023)

  • aes-256-gcm
  • aes-192-gcm
  • aes-128-gcm
  • chacha20-ietf-poly...
  • xchacha20-ietf-poly...

MAC

A message authentication code (MAC), sometimes known as a tag, is a short piece of information used to authenticate a message.

Authenticated encryption can be generically constructed by combining an encryption scheme and a message authentication code.

The MAC value protects both a message's data integrity and its authenticity, by allowing verifiers (who also possess the secret key) to detect any changes to the message content.

Approaches to AE (authenticated encryption)

Encrypt-then-MAC (EtM)   # one key for encryption; one key for the MAC
                         # enc(data,Key1), hash(enc(data),Key2)
                         # example: IPSec

Encrypt-and-MAC (E&M)    # one key for both encryption and MAC
                         # enc(data, key) + hash(data, key)

MAC-then-Encrypt (MtE)   # one key for both encryption and MAC
                         # enc(data+hash(data, key), key)
                         # SSL / TLS
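
An added example, not part of the original notes: the Encrypt-then-MAC layout above (enc(data,Key1), hash(enc(data),Key2)), extended with associated data as in AEAD, showing the tag checked before any decryption. The function names and the nonce || ciphertext || tag layout are assumptions, and keystream_xor is a stand-in cipher (HMAC-SHA256 in counter mode) used only because Python's standard library has no AES.

```python
import hashlib
import hmac
import secrets
import struct

NONCE_LEN, TAG_LEN = 16, 32

def keystream_xor(enc_key, nonce, data):
    """Stand-in stream cipher keyed with Key1 (HMAC-SHA256 in counter mode)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(enc_key, nonce + struct.pack(">Q", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def compute_tag(mac_key, ad, nonce, ct):
    # Length-prefix the associated data so the ad/ciphertext boundary cannot be shifted.
    framed = struct.pack(">Q", len(ad)) + ad + nonce + ct
    return hmac.new(mac_key, framed, hashlib.sha256).digest()

def seal(enc_key, mac_key, plaintext, ad=b""):
    """Encrypt with Key1, then MAC the ciphertext (and associated data) with Key2."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = keystream_xor(enc_key, nonce, plaintext)
    return nonce + ct + compute_tag(mac_key, ad, nonce, ct)

def unseal(enc_key, mac_key, msg, ad=b""):
    """Verify the tag first; refuse to decrypt anything that fails the check."""
    if len(msg) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ct, tag = msg[:NONCE_LEN], msg[NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
    if not hmac.compare_digest(tag, compute_tag(mac_key, ad, nonce, ct)):  # constant-time
        raise ValueError("authentication failed")
    return keystream_xor(enc_key, nonce, ct)

if __name__ == "__main__":
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed demo keys
    msg = bytearray(seal(k1, k2, b"hello", ad=b"header"))
    msg[NONCE_LEN] ^= 1  # flip one ciphertext bit
    try:
        unseal(k1, k2, bytes(msg), ad=b"header")
    except ValueError as exc:
        print("rejected:", exc)
```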