RFC Errata
RFC 5116, "An Interface and Algorithms for Authenticated Encryption", January 2008
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
See Also: RFC 5116 w/ inline errata
Errata ID: 4008
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Tapio Sokura
Date Reported: 2014-06-08
Verifier Name: Kathleen Moriarty
Date Verified: 2015-03-31
Section 2.2 says:
The authenticated decrypt operation will, with high probability, return FAIL whenever the inputs N, P, and A were crafted by a nonce- respecting adversary that does not know the secret key (assuming that the AEAD algorithm is secure).
It should say:
The authenticated decrypt operation will, with high probability, return FAIL whenever the inputs N, C, and A were crafted by a nonce- respecting adversary that does not know the secret key (assuming that the AEAD algorithm is secure).
Notes:
Inputs to the authenticated decrypt operation do not include plaintext P, but instead includes ciphertext C.
Thanks for the correction, since this is descriptive text, it will be marked as editorial.