I want to bind ciphertext to its context

Modern encryption modes support associated data, which is authenticated but not encrypted. Decryption succeeds only when the same associated data is supplied again, so it can be used to bind a ciphertext to a specific context.

Examples of binding ciphertext to associated data include:

  • Encrypting a database cell-by-cell (or column-by-column). Binding ensures the cell's ciphertext is only valid in that specific cell, which prevents an attacker from moving the ciphertext from one cell to another. In this example, the ciphertext should be bound to the column_id and row_id for the given database cell.

  • Storing ciphertexts in different clients lets you detect misbehavior if Client A provides Client B's ciphertext for decryption. Here, the ciphertext should be bound to the client's name.
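
The database-cell case above, as an added example that is not Tink code: it uses AES-GCM from the Go standard library in place of a Tink primitive to show the ciphertext being rejected once it is presented for a different cell. The helper names (`cellAD`, `newAEAD`, `EncryptCell`, `DecryptCell`), the length-prefixed encoding of column_id and row_id, and the sample column and values are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// cellAD encodes (column_id, row_id); the length prefix keeps the encoding unambiguous.
func cellAD(columnID string, rowID uint64) []byte {
	ad := binary.BigEndian.AppendUint32(nil, uint32(len(columnID)))
	ad = append(ad, columnID...)
	return binary.BigEndian.AppendUint64(ad, rowID)
}

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptCell returns nonce || ciphertext, bound to the cell's position.
func EncryptCell(a cipher.AEAD, columnID string, rowID uint64, pt []byte) ([]byte, error) {
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, pt, cellAD(columnID, rowID)), nil
}

// DecryptCell fails authentication if the ciphertext was stored for another cell.
func DecryptCell(a cipher.AEAD, columnID string, rowID uint64, ct []byte) ([]byte, error) {
	if len(ct) < a.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	nonce, body := ct[:a.NonceSize()], ct[a.NonceSize():]
	return a.Open(nil, nonce, body, cellAD(columnID, rowID))
}

func main() {
	a, _ := newAEAD(make([]byte, 32)) // constructed all-zero demo key, not for real use
	ct, _ := EncryptCell(a, "salary", 7, []byte("85000"))
	_, err := DecryptCell(a, "salary", 8, ct) // same ciphertext presented for another row
	fmt.Println("decrypt in moved cell:", err)
}
```

The associated data is never stored with the ciphertext: the reader recomputes it from where the cell actually lives, which is what makes a relocated ciphertext fail.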

Tink has several options for binding ciphertext to its context: