[Cryptography] Severe flaw in all generality : key or nonce reuse

Christian Huitema huitema at huitema.net
Wed Oct 18 19:14:21 EDT 2017

On 10/18/2017 12:45 PM, John Denker via cryptography wrote:

> I hate to ask silly questions, but is there any cryptosystem or any
> mode whatsoever where key/nonce reuse is acceptable?

The interesting property would be that every bit in the encrypted
message statistically depends on all bits in the key, the nonce, and the
clear text message. Reusing the same key and nonce would only reveal
something if it was used with exactly the same message, in which case it
would just reveal that two messages were identical.

That would be in contrast with stream ciphers, in which a bit in the
encrypted message depends on the key and the nonce and the corresponding
bit in the clear text -- but no other bits.

Christian Huitema

More information about the cryptography mailing list