-TAG || ENCRYPTED || NONCE <-- PACKET
- ^ ^ ^
- | | |
- | | +------------+
- | | |
- | +------------+ |
- | | |
- +-->AUTH(AUTH_KEY, ENCRYPTED || NONCE)
- ^ ^
- | |
-+-----------------------+ |
-| |
-| +--------------+
-| |
-+--> ENCRYPT(KEY, NONCE, PAYLOAD)
- ^ ^
- | |
- | +--> SIZE || DATA [|| NOISE]
- |
- +--> PRP(PRP_KEY, SERIAL)
+ NONCE = 64bit(ZEROS) || 64bit(MAC(MAC_KEY, SERIAL))
+ PAYLOAD = DATA || PAD [|| ZEROS]
+CIPHERTEXT = ENCRYPT(KEY, NONCE, PAYLOAD)
+ TAG = AUTH(AUTH_KEY, CIPHERTEXT || NONCE)
+ MESSAGE = TAG || CIPHERTEXT || NONCE