LLMpediaThe first transparent, open encyclopedia generated by LLMs

EAX Mode

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Article Genealogy
Parent: Cipher Block Chaining Hop 4
Expansion Funnel Raw 1 → Dedup 0 → NER 0 → Enqueued 0
1. Extracted1
2. After dedup0 (None)
3. After NER0 ()
4. Enqueued0 ()
EAX Mode
NameEAX Mode
TypeAuthenticated encryption mode
DesignersByron Cook, Phil Rogaway
Introduced2003
Block cipherRecommends AES
PropertiesConfidentiality, authenticity, integrity, nonce-respecting

EAX Mode EAX Mode is an authenticated encryption construction combining confidentiality and authenticity for block ciphers, designed to be simple, provably secure, and nonce-respecting. It originated in 2003 and was promoted alongside standards and analyses by cryptographers and institutions in academic and standards communities. The design interacts with message authentication paradigms and block cipher primitives used widely across protocols and products.

Overview

EAX Mode was introduced by cryptographers and evaluated in venues and organizations associated with applied cryptography and standards development. The mode composes a block cipher like AES with universal hashing and MAC techniques, following security models discussed in publications and conferences such as CRYPTO, EUROCRYPT, and IEEE venues. EAX is compared in literature and deployments with other authenticated encryption designs advocated by groups around NIST, IETF, and ISO, and has been examined by researchers from universities and laboratories linked to work at IBM, Microsoft Research, and INRIA.

Design and Operation

EAX Mode builds on block cipher primitives and MAC constructions familiar to readers of works from researchers affiliated with UC Berkeley, MIT, and Stanford. The construction uses two passes: one for message authentication using a tweakable MAC-like combination inspired by CBC-MAC and OMAC developments, and one for encryption using counter-mode techniques related to CTR. The mode relies on a block cipher such as AES, which appears in standards from NIST and implementations in libraries maintained by OpenSSL, LibreSSL, and BoringSSL. Design principles reference provable-security frameworks developed in theoretical results by authors from ETH Zurich, IBM Research, and the University of California system.

Security Properties and Analysis

Security proofs for EAX Mode relate to IND-CPA and INT-CTXT notions that feature prominently in theoretical work from researchers at Princeton, Yale, and the University of Cambridge. Analyses compare EAX against modes such as GCM, CCM, and OCB, with security trade-offs discussed in papers from CRYPTO and EUROCRYPT contributors and in advisories from agencies like ANSSI and the US National Institute of Standards and Technology. The proofs consider nonce reuse, forgery bounds, and tag-length implications, echoing formal methods used by teams at MIT CSAIL, INRIA, and Max Planck Institute. Cryptanalysis and implementation pitfalls have been cataloged by practitioners from Red Hat, Google, and academia during security audits and penetration testing exercises.

Implementations and Performance

Implementations of EAX Mode are available in cryptographic libraries and toolkits maintained by projects and organizations such as OpenSSL, Botan, libgcrypt, and WolfSSL, and are used in reference code from academic groups at Stanford and ETH Zurich. Performance comparisons with GCM and CCM appear in benchmarks by vendors like Intel, ARM, and AMD, and in evaluations published by research labs including Microsoft Research and the University of Illinois. The performance profile depends on hardware acceleration features present in microarchitectures from Intel and ARM as well as on software optimizations from projects like BoringSSL, LibreSSL, and OpenSSH. Portability and implementation ease have led to usage in embedded stacks supported by vendors such as NXP, STMicroelectronics, and Texas Instruments.

Use Cases and Adoption

EAX Mode has been adopted in academic prototypes, experimental protocols, and some products where simplicity and provable security properties are preferred, paralleling deployments seen with AES-GCM and AES-CCM in standards bodies like IETF and IEEE. Use cases include secure messaging research at institutions such as MIT, Cornell, and Columbia, secure storage research in university labs, and constrained-device applications evaluated by committees at ETSI and the Internet Engineering Task Force. Adoption is influenced by comparisons to modes implemented in TLS stacks used by organizations such as Mozilla, Google, and Apple, and by policy decisions referenced in procurement by agencies and companies including the US Department of Defense and major cloud providers.

Category:Authenticated encryption