[noise] CipherState.EncryptWithAd and nonce increment

David Wong davidwong.crypto at gmail.com
Mon Dec 4 06:00:58 PST 2017

> However, in my use case I need to avoid nonce increment if decryption fails,
> as this is a valid and acceptable behavior in my case.
> So should nonce be incremented immediately like it is done in `noise-c`
> already or should it only be incremented on successful decryption?

It should not matter because if the decryption is unsuccessful you are
supposed to abort the protocol.
Can I ask why you are not doing this?

> I'm aware that latest versions of the spec give optional control over nonce
> and my use case can be implemented using it.

If you have good reasons not to use a counter, this is probably what
you should do.


More information about the Noise mailing list