[noise] CipherState.EncryptWithAd and nonce increment
davidwong.crypto at gmail.com
Mon Dec 4 06:00:58 PST 2017
> However, in my use case I need to avoid nonce increment if decryption fails,
> as this is a valid and acceptable behavior in my case.
> So should nonce be incremented immediately like it is done in `noise-c`
> already or should it only be incremented on successful decryption?
It should not matter because if the decryption is unsuccessful you are
supposed to abort the protocol.
Can I ask why you are not doing this?
> I'm aware that latest versions of the spec give optional control over nonce
> and my use case can be implemented using it.
If you have good reasons not to use a counter, this is probably what
you should do.
More information about the Noise