20Ara
Replay of previously used cipher, IV and authentication tag in authenticated encryption
It is known that an authenticated encryption scheme is better than just encryption because, in the latter, an attacker can alter the ciphertext, which cannot be verified. In the former, altering the ciphertext can be detected by authentication tag verification.
However, it appears to me that in an authenticated encryption, if an attacker can replay a previously sent ciphertext, IV, and authentication tag altogether, we are back into a situation where the receiver would not be able to detect the alteration.
Is my understanding correct? If this is correct, then saying that the authenticated encryption scheme is "authenticated" does not appear to be justified.
