Authenticated Encryption with Associated Data (AEAD) provides both authenticated encryption (confidentiality and authentication) and the ability to check the integrity and authentication of additional authenticated data (AAD) that is sent in the clear.
Authenticated encryption: There are four inputs for authenticated encryption: the secret key, a nonce (sometimes called the initialization vector (IV)†), the plaintext itself, and optional additional authentication data (AAD). The nonce and AAD are passed in the clear. There are two outputs: the ciphertext, which is exactly the same length as the plaintext, and an authentication tag (the "tag").
Authenticated decryption: The authenticated decryption operation has five inputs: the secret key, a nonce, the ciphertext itself, the additional authentication data (AAD), which can be zero-length, and the tag. The nonce and AAD are passed in the clear. There is one output: the plaintext, which is exactly the same length as the ciphertext. If the inputs are not authentic, the function returns a "FAIL" error code.
MAC: The AEAD encryption function can be used to compute a Message Authentication Code (MAC) over the additional data by passing zero-length input for the plaintext. The output tag is the MAC. Similarly, the MAC can be authenticated against the AAD using the AEAD decryption function by passing zero-length input for the ciphertext. Note that a nonce is required as well as the key.
Security considerations: It is critical that unique nonces are used for different messages encrypted with the same key. Using the same nonce with the same key and different plaintexts seriously undermines security.
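The encryption, decryption and MAC operations described above, as an added example that is not code from this library: it uses Node.js's built-in crypto module and shows a changed AAD or tag producing a failure. Assumptions: AES-256-GCM as the AEAD algorithm with a 12-octet nonce, `null` standing in for the "FAIL" error code, and the hypothetical function names `aeadEncrypt`, `aeadDecrypt`, `aeadMac`, `aeadMacVerify` and `demo`.

```javascript
const crypto = require("node:crypto");

const ALG = "aes-256-gcm";          // assumption: the page names no algorithm
const OPTS = { authTagLength: 16 }; // 16-octet tag

// Four inputs (key, nonce, plaintext, AAD) -> two outputs (ciphertext, tag).
function aeadEncrypt(key, nonce, plaintext, aad) {
  const c = crypto.createCipheriv(ALG, key, nonce, OPTS);
  c.setAAD(aad);
  const ciphertext = Buffer.concat([c.update(plaintext), c.final()]);
  return { ciphertext, tag: c.getAuthTag() };
}

// Five inputs -> plaintext, or null ("FAIL") if any input is not authentic.
function aeadDecrypt(key, nonce, ciphertext, aad, tag) {
  try {
    const d = crypto.createDecipheriv(ALG, key, nonce, OPTS);
    d.setAAD(aad);
    d.setAuthTag(tag);
    // final() throws when the tag does not verify; nothing is returned then.
    return Buffer.concat([d.update(ciphertext), d.final()]);
  } catch {
    return null;
  }
}

// MAC over the AAD alone: zero-length plaintext, and the tag is the MAC.
function aeadMac(key, nonce, aad) {
  return aeadEncrypt(key, nonce, Buffer.alloc(0), aad).tag;
}
function aeadMacVerify(key, nonce, aad, tag) {
  return aeadDecrypt(key, nonce, Buffer.alloc(0), aad, tag) !== null;
}

// Constructed sample inputs; each message gets a fresh nonce under the key.
function demo() {
  const key = crypto.randomBytes(32);
  const nonce = crypto.randomBytes(12), macNonce = crypto.randomBytes(12);
  const aad = Buffer.from("hdr:v1;to=alice");
  const pt = Buffer.from("transfer 100 to bob");
  const { ciphertext, tag } = aeadEncrypt(key, nonce, pt, aad);
  const mac = aeadMac(key, macNonce, aad);
  return {
    sameLength: ciphertext.length === pt.length,
    roundTrip: aeadDecrypt(key, nonce, ciphertext, aad, tag).equals(pt),
    changedAad: aeadDecrypt(key, nonce, ciphertext, Buffer.from("hdr:v1;to=carol"), tag),
    macOk: aeadMacVerify(key, macNonce, aad, mac),
    macChangedAad: aeadMacVerify(key, macNonce, Buffer.from("hdr:v2"), mac),
  };
}
```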
For more information about using the AEAD functions in this library, see An interface for Authenticated Encryption with Additional Data (AEAD).
† Some authors use the term "initialization vector" (IV) to mean the entire nonce value. Others use "IV" to mean a unique variable part to be combined with a "fixed" part to make the full nonce value. If we use the term "IV" in relation to AEAD, we mean the full 12/16-octet nonce value.