I want to bind ciphertext to its context

In some cases, binding ciphertext to associated data strengthens security.

Some examples of binding ciphertext to associated data include:

  • Encrypting a database cell-by-cell (or column-by-column) ensures the cell's ciphertext is only valid in that specific cell. This prevents the attacker from moving the ciphertext from one cell to another. In this example, the ciphertext should be bound to the column_id and row_id for the given database cell.

  • Binding the ciphertext to the time_stamp at the time of encryption ensures it's only valid for a limited time.

  • Storing ciphertexts in different clients allows you to detect misbehavior if Client A provides Client B's ciphertext for decryption. Here, the ciphertext should be bound to the client's name.

Tink has several options for binding ciphertext to its context: