/ˈiː-ɛe-dɛd/

n. “Encrypt it — and prove nobody touched it.”

AEAD, short for Authenticated Encryption with Associated Data, is a class of cryptographic constructions designed to solve two problems at the same time: confidentiality and integrity. It ensures that data is kept secret and that any unauthorized modification of that data is reliably detected.

Older cryptographic designs often treated these goals separately. Data would be encrypted using a cipher, then authenticated using a separate MAC algorithm. Done carefully, this could work — but it was fragile. Get the order wrong, reuse a nonce, authenticate the wrong fields, or forget to authenticate metadata, and the entire security model could collapse. AEAD exists to remove that footgun.

In an AEAD scheme, encryption and authentication are mathematically bound together. When data is encrypted, an authentication tag is produced alongside the ciphertext. The recipient must verify this tag before trusting or even attempting to decrypt the data. If verification fails, the data is discarded. No partial success. No ambiguity.

The “associated data” portion is subtle but powerful. It refers to information that should be authenticated but not encrypted. Examples include protocol headers, sequence numbers, or routing metadata. With AEAD, this data is protected against tampering without being hidden — a critical feature for modern network protocols.

Common AEAD constructions include ChaCha20-Poly1305 and AES-GCM. In ChaCha20-Poly1305, ChaCha20 handles encryption while Poly1305 generates the authentication tag. In AES-GCM, AES encrypts the data while Galois field math provides authentication. Different machinery — same promise.

AEAD has become the default expectation in modern cryptographic protocols. TLS 1.3 relies exclusively on AEAD cipher suites. WireGuard uses AEAD exclusively. This is not fashion — it is the accumulated lesson of decades of cryptographic mistakes.

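Consider a secure message sent across a hostile network. Without AEAD, an attacker might not decrypt the message, but could flip bits, replay packets, or alter headers in ways that cause subtle and dangerous failures. With AEAD, even a single altered bit, in the ciphertext or in the authenticated header, invalidates the entire message. Replayed packets are caught when the protocol also binds a sequence number into the nonce or the associated data and rejects repeats.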
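The behaviour described above, as an added Go example that is not part of the original entry: AES-GCM from the standard library seals a packet whose header travels in the clear as associated data, and the receiver rejects a flipped bit, an altered header, or a replay. The `Receiver` type, the sequence-derived nonce and the `route=A` header are assumptions made for illustration; replay rejection here comes from the receiver's sequence check, not from the AEAD itself.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

type Receiver struct {
	aead    cipher.AEAD
	lastSeq uint64 // highest sequence number accepted so far (replay guard)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block) // AES-GCM: 12-byte nonce, 16-byte tag
}

// nonceFor builds the nonce from seq: unique per key while seq never repeats.
func nonceFor(seq uint64) []byte {
	return binary.BigEndian.AppendUint64(make([]byte, 4, 12), seq)
}

// Seal encrypts payload; header stays readable but is covered by the tag.
func Seal(aead cipher.AEAD, seq uint64, header, payload []byte) []byte {
	return aead.Seal(nil, nonceFor(seq), payload, header)
}

func (r *Receiver) Open(seq uint64, header, sealed []byte) ([]byte, error) {
	if seq <= r.lastSeq { // replay guard runs before any decryption
		return nil, fmt.Errorf("sequence %d replayed or stale", seq)
	}
	pt, err := r.aead.Open(nil, nonceFor(seq), sealed, header) // one tag covers both
	if err == nil {
		r.lastSeq = seq // advance only after the tag verified
	}
	return pt, err // on failure pt is nil: no partial plaintext
}

func main() {
	aead, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key
	rx, hdr := &Receiver{aead: aead}, []byte("route=A")
	msg := Seal(aead, 1, hdr, []byte("hello"))
	fmt.Println(rx.Open(1, hdr, msg)) // first delivery is accepted
	fmt.Println(rx.Open(1, hdr, msg)) // second delivery is a replay
}
```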

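AEAD does not guarantee anonymity. It does not manage keys. It does not choose nonces for you: with AES-GCM or ChaCha20-Poly1305, a nonce must never repeat under the same key. It does not decide who should be trusted. It does one job, and it does it thoroughly: bind secrecy and authenticity together so they cannot be accidentally separated.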

In modern cryptography, AEAD is not an enhancement — it is the baseline. Anything less is an invitation to rediscover old mistakes the hard way.