Member-only story
Overcoming Nonce Reuse/Misuse: SIV Mode
We give away a little too much of our secrets, and often fail to protect one of our most important secret … our encryption keys. To overcome this we can use a method called key wrapping, and which protects the key. This is especially important where we transmit the key over untrusted channels or store them in places without strong access control. For a key wrapping, Rogaway et al proposed the SIV (Synthetic Initialization Vector) method [here] and that authenticates and encrypts, along with authenticating any additional data related to the key:
The method is now standardized with RFC 5297 [here]. With enhanced encryption methods, we can both authenticate the cipher and prove its integrity. This is known as Authenticated Encryption with Associated Data (AEAD). For this we provide additional data to authenticate the encryption process, and where we can identify where the ciphertext has been modified, and for it not to be decrypted. With most conventional AEAD methods we create a nonce value and add additional data (AD) that is authenticated but not encrypted. With a nonce-less approach, we can use a key wrapping method, and which has often been used to protect encryption keys. The additional data can include…
