[noise] encrypted nonce / udp packet number

Arvid Picciani aep at exys.org
Fri Jul 20 16:11:42 PDT 2018


the QUIC protocol apparantly is able to encrypt the packet sequence
number (separately from the payload)

https://tools.ietf.org/html/draft-ietf-quic-tls-13#section-5.3

does anyone understand how they do this at all?
As far as i understand, it is not safe to reuse the same nonce for an
AEAD with different plaintext,
so without having a unique nonce, how do you encrypt the .. nonce?


More information about the Noise mailing list