0 | 0 | 0
1 | 0 | 1
0 | 1 | 1
1 | 1 | 1
Also Cryptographers: AES implementations in software (not hardware) are either insecure, or slow, or both. It wasn't designed with caching side-channels in mind. 🤦‍♂️
AES(key, IV, "Ovaltine") -> encrypted_output
HMAC(key, encrypted_output) -> MAC
and then on the wire, we send:
IV | encrypted_output | MAC
AEAD(key, IV, plaintext, additional_data) -> IV_encrypted_data_MAC
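The encrypt-then-MAC layout above, wrapped in the AEAD-shaped interface, as an added example that is not code from the original page. Assumptions: an HMAC-SHA256 counter-mode keystream stands in for AES so the block runs on the Python standard library alone, and the function names, the subkey derivation and the MAC input (length-prefixed additional data, then IV, then ciphertext) are choices of this example rather than the page's.

```python
import hashlib
import hmac
import os

IV_LEN, TAG_LEN = 16, 32  # bytes: random IV, HMAC-SHA256 tag


def _keystream_xor(enc_key, iv, data):
    # Stand-in for AES-CTR (assumption): HMAC-SHA256 used as a PRF in
    # counter mode, XORed with the data. Encrypt and decrypt are the same.
    stream = bytearray()
    for block in range((len(data) + 31) // 32):
        counter = block.to_bytes(8, "big")
        stream += hmac.new(enc_key, iv + counter, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def _subkeys(key):
    # Derive independent encryption and MAC keys from the one shared key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _tag(mac_key, iv, additional_data, ciphertext):
    # The length prefix keeps the additional_data/IV boundary unambiguous.
    msg = len(additional_data).to_bytes(8, "big") + additional_data + iv + ciphertext
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(key, plaintext, additional_data=b"", iv=None):
    # Returns the wire format: IV | encrypted_output | MAC
    iv = iv or os.urandom(IV_LEN)
    enc_key, mac_key = _subkeys(key)
    ciphertext = _keystream_xor(enc_key, iv, plaintext)
    return iv + ciphertext + _tag(mac_key, iv, additional_data, ciphertext)


def open_(key, wire, additional_data=b""):
    # Verify the MAC in constant time BEFORE touching the ciphertext.
    if len(wire) < IV_LEN + TAG_LEN:
        raise ValueError("message too short")
    iv, ciphertext, tag = wire[:IV_LEN], wire[IV_LEN:-TAG_LEN], wire[-TAG_LEN:]
    enc_key, mac_key = _subkeys(key)
    expected = _tag(mac_key, iv, additional_data, ciphertext)
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed")
    return _keystream_xor(enc_key, iv, ciphertext)
```

Flipping any bit of the IV, the ciphertext, the MAC or the additional data makes `open_` raise before any decryption happens.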
a | b | c
0 | 0 | 0
1 | 0 | 1
0 | 1 | 1
1 | 1 | 0