Key committing key type #30
Description
Add support for a committing mode of encryption (e.g., SIV or GCM-SIV) to ensure ciphertexts are bound to a unique plaintext and AAD under a given key.
Motivation
In envelope encryption schemes, it's important that a data key cannot be reused to produce multiple valid ciphertexts that decrypt to different plaintexts. This helps prevent equivocation and strengthens guarantees around message authenticity and integrity, even in the event of key compromise.