[Cryptography] Killing two IV related birds with one stone

Perry E. Metzger perry at piermont.com
Wed Sep 11 18:51:16 EDT 2013

It occurs to me that specifying that IVs for CBC mode in protocols
like IPsec, TLS, etc. be generated by using a block cipher in counter
mode, and that the IVs be implicit rather than transmitted, kills two
birds with one stone.

The first bird is the obvious one: we now know IVs are unpredictable
and will not repeat.

The second bird is less obvious: we've just gotten rid of a covert
channel for malicious hardware to leak information.

Note that if you still transmit the IVs, a misimplemented client
could still interoperate with a malicious counterparty that did not
use the enforced method for IV calculation. If you don't transmit
the IVs at all but calculate them, the system will not interoperate if
the implicit IVs aren't calculated the same way by both sides, thus
ensuring that the covert channel is closed.
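The scheme described above, worked through as an added example (this is not code from the post or from any IPsec/TLS implementation): both sides hold a separate IV key and derive the IV for record number seq as AES_ivKey(seq), i.e. one counter-mode block. The record on the wire carries ciphertext only, so there is no IV field for a compromised sender to smuggle bits into, and a peer that computes its IV any other way fails to interoperate. The keys, the record numbering and the function names (implicitIV, sealRecord, openRecord, cbcEncryptWithIV) are assumptions made for the example. One caveat worth seeing in code: with CBC a mismatched IV garbles exactly the first plaintext block, so the receiver only notices if something checks that block; in a real record layer the MAC or AEAD tag does that and the record is dropped.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed demo keys (hypothetical values). A real protocol would derive
// both from the handshake; the point is that ivKey is separate from the
// traffic key and is used for nothing except IV generation.
var (
	trafficKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
	ivKey      = []byte("fedcba9876543210fedcba9876543210") // 32 bytes: AES-256
)

// implicitIV derives the CBC IV for record seq by running the IV cipher in
// counter mode: IV = AES_ivKey(0^64 || seq). Distinct seq values give
// distinct IVs (AES is a permutation), and nobody without ivKey can
// predict the next one.
func implicitIV(ivKey []byte, seq uint64) ([]byte, error) {
	block, err := aes.NewCipher(ivKey)
	if err != nil {
		return nil, err
	}
	counter := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(counter[8:], seq)
	iv := make([]byte, aes.BlockSize)
	block.Encrypt(iv, counter)
	return iv, nil
}

// PKCS#7 padding so CBC always sees whole blocks.
func pkcs7Pad(p []byte) []byte {
	n := aes.BlockSize - len(p)%aes.BlockSize
	return append(append([]byte{}, p...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(p []byte) ([]byte, error) {
	if len(p) == 0 || len(p)%aes.BlockSize != 0 {
		return nil, errors.New("bad length")
	}
	n := int(p[len(p)-1])
	if n == 0 || n > aes.BlockSize || n > len(p) {
		return nil, errors.New("bad padding")
	}
	for _, b := range p[len(p)-n:] {
		if int(b) != n {
			return nil, errors.New("bad padding")
		}
	}
	return p[:len(p)-n], nil
}

// cbcEncryptWithIV is plain CBC under an explicitly supplied IV. sealRecord
// calls it with the implicit IV; main also calls it directly to model a
// peer that ignores the agreed derivation and picks its own IV.
func cbcEncryptWithIV(trafficKey, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(trafficKey)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plaintext)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct, nil
}

// sealRecord encrypts record seq. Only the ciphertext goes on the wire:
// there is no IV field, so the sender has no IV bits to leak through.
func sealRecord(trafficKey, ivKey []byte, seq uint64, plaintext []byte) ([]byte, error) {
	iv, err := implicitIV(ivKey, seq)
	if err != nil {
		return nil, err
	}
	return cbcEncryptWithIV(trafficKey, iv, plaintext)
}

// openRecord recomputes the IV from seq and decrypts. It never reads an IV
// from the message, so a peer that derived its IV differently does not
// interoperate: the first plaintext block comes out as garbage.
func openRecord(trafficKey, ivKey []byte, seq uint64, ct []byte) ([]byte, error) {
	if len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext not block aligned")
	}
	iv, err := implicitIV(ivKey, seq)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(trafficKey)
	if err != nil {
		return nil, err
	}
	padded := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(padded, ct)
	return pkcs7Unpad(padded)
}

func main() {
	msg := []byte("record payload, two blocks long....") // constructed sample record
	ct, _ := sealRecord(trafficKey, ivKey, 7, msg)
	pt, err := openRecord(trafficKey, ivKey, 7, ct)
	fmt.Printf("honest peer: %q err=%v\n", pt, err)

	rogueIV := bytes.Repeat([]byte{0x41}, aes.BlockSize) // peer-chosen IV, not the agreed one
	ct2, _ := cbcEncryptWithIV(trafficKey, rogueIV, msg)
	pt2, err := openRecord(trafficKey, ivKey, 7, ct2)
	fmt.Printf("rogue peer:  %q err=%v\n", pt2, err) // first 16 bytes garbled, rest intact
}
```

The receiver in this design has one way to get an IV, and it is the same computation the honest sender performs; the record format simply has nowhere to put a sender-chosen value. The mismatch shows up as a corrupted first block, which is why the scheme should sit under the protocol's normal integrity check rather than rely on decryption failing visibly.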

