Join Log in
Score:0
Guest123456 avatar Crypto

AES-GCM across multiple packets

ao flag
Guest123456

I am just getting started with cryptography. After doing some research, I see that people usually advice against encryption using the same key and nonce. However if a message is too long and has to be broken up into multiple packets, how exactly does this work? Will a different key and nonce be generated for each packet with a distinct authentication tag computed for that packet? Would it be considered secure to generate a key for the entire message, but each packet will be encrypted using a different nonce, and once the entire message is encrypted, the authentication tag is computed.

Thanks in advance.

39
1 + 0
Score:1
DannyNiu avatar Crypto
vu flag
DannyNiu

Typical AEAD (authenticated encryption with associated data) algorithms support 96-bit nonce - quite large, and a counter is good for it. So if you have different nonce for each encryption, you don't have to change the key. What's more, AES requires key expansion for computing key schedule, which is an expensive operation if done each time.

You've probably mis-interpreted "not using the same key and nonce". What it means is that each "key-nonce" pair must be unique, not both of them must be different.

+ 2
Guest123456 avatar
ao flag
Guest123456
Ah I see. Indeed, I misunderstood what is meant by "the same key and nonce". Thank you so much!
0
Reply
samuel-lucas6 avatar
bs flag
samuel-lucas6
However, rekeying is [better](https://eprint.iacr.org/2017/702) for security, which is why it's done by [AES-GCM-SIV](https://cyber.biu.ac.il/aes-gcm-siv/).
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.