[noise] encrypted nonce / udp packet number
David Wong
davidwong.crypto at gmail.com
Fri Jul 20 17:33:19 PDT 2018
> does anyone understand how they do this at all?
> As far as i understand, it is not safe to reuse the same nonce for an
> AEAD with different plaintext,
> so without having a unique nonce, how do you encrypt the .. nonce?
Hey Arvid,
Check https://tools.ietf.org/html/draft-ietf-quic-tls-13#section-5.3
Notice this line: "Packet number protection is applied after packet
protection is applied"
So a nonce is in clear and used to decrypt first
More information about the Noise
mailing list