[noise] encrypted nonce / udp packet number
Tony Arcieri
bascule at gmail.com
Fri Jul 20 17:23:31 PDT 2018
On Fri, Jul 20, 2018 at 4:11 PM Arvid Picciani <aep at exys.org> wrote:
> As far as i understand, it is not safe to reuse the same nonce for an
> AEAD with different plaintext,
> so without having a unique nonce, how do you encrypt the .. nonce?
A SIV mode (e.g. AES-GCM-SIV) which places a unique/random value in the
plaintext is the first thing that comes to mind for me.
--
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://moderncrypto.org/mail-archive/noise/attachments/20180720/e737f49d/attachment.html>
More information about the Noise
mailing list