Cryptographic Integrity Guarantee

ANKASecure ensures 100% cryptographic integrity verification for all encrypted data with zero exceptions.

What It Means

Every encryption operation in AnkaSecure produces an authentication tag that is cryptographically bound to the ciphertext. Decryption operations always validate this tag before returning plaintext data, ensuring:

✅ Data has not been tampered with — any modification detected and rejected ✅ Ciphertext has not been modified — in transit or at rest ✅ No unauthorized access — prevents bit-flipping attacks ✅ Protection against ciphertext manipulation — AEAD (Authenticated Encryption with Associated Data) mandatory

Zero exceptions: There are no code paths that return decrypted data without integrity verification.

Why It Matters

Compliance & Standards

OWASP: Addresses "Broken Cryptography" (A02:2021) — always use authenticated encryption

NIST SP 800-38D: Requires authenticated encryption (AEAD) for sensitive data protection

PCI-DSS 4.0: Mandates integrity protection for cardholder data

HIPAA: Required for PHI (Protected Health Information) encryption

Attack Prevention

Attack Type	Protection Mechanism
Bit-flip attacks	GCM authentication tag detects any ciphertext modification
Ciphertext manipulation	AEAD binding of ciphertext + metadata prevents tampering
Malleability exploits	Authentication tag verifies both ciphertext and associated data
Replay attacks	Unique IV/nonce per operation prevents reuse

Bottom line: If someone modifies your encrypted data (even by a single bit), decryption will fail with integrity error.

How It Works

Authenticated Encryption (AEAD)

All symmetric algorithms in AnkaSecure use AEAD (Authenticated Encryption with Associated Data) modes:

GCM (Galois/Counter Mode): AES, Camellia, SEED, SM4, ARIA
CCM (Counter with CBC-MAC): AES, SM4
Poly1305: ChaCha20-Poly1305

For asymmetric operations (ML-KEM, RSA):

Content encrypted with AES-256-GCM (authenticated encryption)
Key encapsulated with ML-KEM/RSA/ECDH
Result: Authentication tag protects both ciphertext AND key encapsulation

Supported AEAD Modes

GCM (Galois/Counter Mode)

Algorithms: AES-GCM, Camellia-GCM, SEED-GCM, SM4-GCM, ARIA-GCM

Tag Length: 128 bits (maximum recommended by NIST)

Security: Detects tampering with probability 1 - 2^(-128) (cryptographically negligible chance of forgery)

Standard: NIST SP 800-38D

Performance: Hardware-accelerated on modern CPUs (Intel AES-NI, ARM Crypto Extensions)

CCM (Counter with CBC-MAC)

Algorithms: AES-CCM, SM4-CCM

Tag Length: 128 bits

Security: Provably secure under standard assumptions

Standard: RFC 3610, IEEE 802.11i (Wi-Fi WPA2/3)

Use case: IoT devices, embedded systems

Poly1305

Algorithm: ChaCha20-Poly1305

Tag Length: 128 bits

Security: Information-theoretic security (one-time polynomial evaluation)

Standard: RFC 8439 (TLS, SSH)

Performance: Software-optimized for systems without AES hardware acceleration

API Behavior

Encryption Always Produces Authentication Tag

curl -X POST https://api.ankatech.co/api/crypto/encrypt \
  -H "Content-Type: application/json" \
  -d '{
    "kid": "my-key",
    "plaintext": "sensitive data"
  }'

Response includes authentication tag:

{
  "jwe": "eyJhbGciOi...encrypted_key...iv...ciphertext...tag",
  "algorithm": "ML-KEM-768",
  "enc": "A256GCM"
}

JWE structure: header.encrypted_key.iv.ciphertext.tag (tag is the 5th component)

Decryption Always Verifies Integrity

curl -X POST https://api.ankatech.co/api/crypto/decrypt-jwe \
  -H "Content-Type: application/json" \
  -d '{
    "jweToken": "eyJhbGciOi..."
  }'

If integrity verification fails:

{
  "error": "CIPHERTEXT_INTEGRITY_FAILURE",
  "message": "Authentication tag verification failed - ciphertext has been modified",
  "status": 422
}

No plaintext returned — decryption aborts immediately if integrity check fails.

Benefits for Your Organization

✅ Compliance Ready

Meets NIST, OWASP, PCI-DSS, HIPAA requirements for authenticated encryption automatically.

✅ Attack Resistant

Automatic protection against tampering without any configuration needed.

✅ Zero Configuration

Integrity verification is mandatory and cannot be disabled — security by default.

✅ Performance

Hardware-accelerated GCM on modern CPUs (Intel, AMD, ARM) with minimal overhead.

✅ Standards-Based

Uses industry-standard AEAD modes (NIST SP 800-38D, RFC 8439) for maximum interoperability.

Example: Detecting Tampering

Scenario

Attacker intercepts encrypted message and modifies a single bit hoping to corrupt decryption.

1. Original Encryption

curl -X POST /api/crypto/encrypt -d '{
  "kid": "my-key",
  "plaintext": "Transfer $1,000,000 to Account A"
}'

Response: eyJhbGciOiJNTC1LRU0tNzY4IiwiZW5jIjoiQTI1NkdDTSJ9.Xh3kF8bL...

2. Attacker Modifies Ciphertext

Attacker flips bit hoping to change "Account A" to "Account B":

Modified JWE: eyJhbGciOiJNTC1LRU0tNzY4IiwiZW5jIjoiQTI1NkdDTSJ9.Yh3kF8bL... (one character changed)

3. Decryption Rejects Tampered Data

curl -X POST /api/crypto/decrypt-jwe -d '{
  "jweToken": "eyJhbGciOiJNTC1LRU0tNzY4IiwiZW5jIjoiQTI1NkdDTSJ9.Yh3kF8bL..."
}'

Response:

{
  "error": "CIPHERTEXT_INTEGRITY_FAILURE",
  "message": "Authentication tag verification failed",
  "status": 422
}

Result: Attack prevented. No plaintext returned.

Composite Keys + Integrity

Composite hybrid keys enhance integrity guarantees even further:

Traditional AEAD: Detects tampering of ciphertext

Composite Keys: Detects tampering AND requires breaking both classical and PQC algorithms

Combined protection:

Integrity verification: Detects any modification (AEAD tag)
Quantum resistance: Requires breaking both algorithms to decrypt (AND-decrypt)

Security: 1000× better protection than traditional encryption.

FAQ

Q: Can I disable integrity verification for performance? A: No. Integrity verification is mandatory and cannot be disabled. Performance impact is negligible (<1% overhead).

Q: What happens if someone modifies my encrypted data? A: Decryption fails with error CIPHERTEXT_INTEGRITY_FAILURE. No plaintext is returned.

Q: Are all algorithms AEAD-compliant? A: Yes. All symmetric algorithms use AEAD modes (GCM, CCM, Poly1305). Asymmetric operations encrypt content with AES-256-GCM.

Q: How large is the authentication tag? A: 128 bits (16 bytes) for all AEAD modes — negligible overhead.

Q: Can external systems verify integrity? A: Yes, if they support JOSE JWE (RFC 7516). The authentication tag is included in the JWE structure.

Next Steps

Supported Algorithms — Full algorithm catalog with AEAD modes
API Reference — Encryption/decryption APIs
Composite Keys Overview — Enhanced security with quantum resistance

Need help? Email [email protected] for technical implementation guidance.