Authenticated encryption schemes aim to provide both privacy and integrity. This paper explores the relationships between different notions of privacy and authenticity in symmetric encryption schemes. It considers two notions of authenticity: integrity of plaintexts (INT-PTXT) and integrity of ciphertexts (INT-CTXT). These are combined with IND-CPA (indistinguishability under chosen-plaintext attack) to form security notions for comparison. The paper analyzes three generic composition methods—Encrypt-and-MAC (E&M), MAC-then-encrypt (MtE), and Encrypt-then-MAC (EtM)—to determine whether they meet these security notions. The paper shows that INT-CTXT combined with IND-CPA is the strongest notion, implying security against chosen-ciphertext attacks and being strictly stronger than IND-CCA. Nonmalleability (NM) does not imply any type of integrity. Integrity of plaintexts does not imply integrity of ciphertexts. For the generic composition methods, the paper provides security results. It shows that EtM is secure under both INT-CTXT and IND-CPA, while MtE is secure under INT-PTXT and IND-CPA. E&M is not secure under IND-CPA because the MAC can reveal information about the plaintext. The paper also provides counterexamples showing that some composition methods fail to meet certain security notions. The paper concludes that generic composition methods are useful for designing authenticated encryption schemes, as they allow for the combination of secure encryption and message authentication schemes. The results highlight the importance of considering both privacy and authenticity in the design of authenticated encryption schemes.Authenticated encryption schemes aim to provide both privacy and integrity. This paper explores the relationships between different notions of privacy and authenticity in symmetric encryption schemes. It considers two notions of authenticity: integrity of plaintexts (INT-PTXT) and integrity of ciphertexts (INT-CTXT). These are combined with IND-CPA (indistinguishability under chosen-plaintext attack) to form security notions for comparison. The paper analyzes three generic composition methods—Encrypt-and-MAC (E&M), MAC-then-encrypt (MtE), and Encrypt-then-MAC (EtM)—to determine whether they meet these security notions. The paper shows that INT-CTXT combined with IND-CPA is the strongest notion, implying security against chosen-ciphertext attacks and being strictly stronger than IND-CCA. Nonmalleability (NM) does not imply any type of integrity. Integrity of plaintexts does not imply integrity of ciphertexts. For the generic composition methods, the paper provides security results. It shows that EtM is secure under both INT-CTXT and IND-CPA, while MtE is secure under INT-PTXT and IND-CPA. E&M is not secure under IND-CPA because the MAC can reveal information about the plaintext. The paper also provides counterexamples showing that some composition methods fail to meet certain security notions. The paper concludes that generic composition methods are useful for designing authenticated encryption schemes, as they allow for the combination of secure encryption and message authentication schemes. The results highlight the importance of considering both privacy and authenticity in the design of authenticated encryption schemes.