What is the the point of an \"online\" mode for an authenticated cipher? I under

Question

What is the the point of an "online" mode for an authenticated cipher?

I understand what "online" means in this context. However, I have trouble coming up with applications that would benefit from such a feature.

Usually, the "messages" that are encrypted and authenticated are not too long and I think that this is due to people not wanting to decrypt "big messages" completely only to throw them away if the tag is finally invalid. So, at least for network protocols, it seems like a very good idea to insert authentication tags more frequently.

But this strategy makes the "online" feature of some AE implementation seem irrelevant especially since support for online modes makes the implementation more complicated.

Explanation / Answer

The usefulness of online AE (locally):
Assume you wrote a program that encrypt arbitrary files. Now further assume the user wants to view a movie, encrypted with this tool. The tool can now use the online-property to stream the movie in real-time as it uses online-encryption.

The usefulness of online AE (programatically):
Assume you want to process sensitive data. If your cipher supports online AE it can wipe the data after having written / read it an thus presents less attack surface.

The usefulness of online AE (network related):
Assume you stream a movie. You can now use the online AE feature to minimize the RAM needed (and thus give more RAM to the video decoder) and you can present the user with better loading times.

All in all:
Online-AE reduces memory usage and latency for applictions.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.