Galois/Counter Mode and random nonces


It turns out you can encrypt more than 2^32 messages with AES-GCM with a random nonce under certain conditions. It’s still not a good idea, but you can just about do it. #cryptography

Reusing a nonce even once for GCM is absolutely catastrophic, as an observer can then trivially recover the authentication sub-key and probably the message content too. The solution they designed is described in that linked paper: AES-GCM-SIV, which is able to tolerate some number of nonce collisions, but under a weaker notion of security that is only really applicable to that use-case (where the data being encrypted is itself random). In that case, you could encrypt 2^45 messages before you hit the limit, which means Google would only need to change the key every 4 days or so, even under large-scale DDoS attack.
