Essential/Nonce Reuse with Stream Encodings

4 thoughts on “Essential/Nonce Reuse with Stream Encodings”

  1. Yes. You may not reuse the same nonce+key, but setting the nonce to a constant (e.g. 0) is ok if the key is used only once.

  2. Yes, as long as each message has unique pair of key + IV, and you don’t reuse any of the keystream’s key bits for more than one bit of plaintext (so that each *section* of a message has unique key+IV+counter not used elsewhere), then the cipher itself is secure against leaking the plaintext.


Leave a Comment