Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

Usage Limits on AEAD Algorithms
draft-irtf-cfrg-aead-limits-11

Versions:

This document is an Internet-Draft (I-D) that has been submitted to the Internet Research Task Force (IRTF) stream. This I-D is not endorsed by the IETF and has no formal standing in the IETF standards process.

Document	Type	Expired Internet-Draft (cfrg RG) Expired & archived
	Authors	Felix Günther , Martin Thomson , Christopher A. Wood
	Last updated	2026-06-07 (Latest revision 2025-12-04)
	Replaces	draft-wood-cfrg-aead-limits
	RFC stream	Internet Research Task Force (IRTF)
	Intended RFC status	Informational
	Formats	txt html xml htmlized bibtex bibxml
	Additional resources	Mailing list discussion
Stream	IRTF state	In RG Last Call
	Consensus boilerplate	Unknown
	Document shepherd	(None)
IESG	IESG state	Expired
	Telechat date	(None)
	Responsible AD	(None)
	Send notices to	(None)

Email authors Email RG IPR References Referenced by Nits Search email archive

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:

txt html xml htmlized bibtex bibxml

Abstract

An Authenticated Encryption with Associated Data (AEAD) algorithm provides confidentiality and integrity. Excessive use of the same key can give an attacker advantages in breaking these properties. This document provides simple guidance for users of common AEAD functions about how to limit the use of keys in order to bound the advantage given to an attacker. It considers limits in both single- and multi-key settings.

Authors

Felix Günther
Martin Thomson
Christopher A. Wood

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)

Usage Limits on AEAD Algorithms draft-irtf-cfrg-aead-limits-11

Usage Limits on AEAD Algorithms
draft-irtf-cfrg-aead-limits-11