What are the main differences between a nonce, a key and an IV. Without any doub

Question

What are the main differences between a nonce, a key and an IV. Without any doubt the key should be kept secret. But what about the nonce and the IV. What's the main difference between them and their purposes? It's only the fact that in literature and in practise IV is being used as "initiator" of an block cipher encryption mode which SHOULD be unique? And the same property should hold for a nonce as well but since it doesn't instantiate something we call it a nonce? I.e: in AES-CTR mode the IV is a nonce+counter.And both are put in plaintext format in the beginning of the ciphertext.

Explanation / Answer

The three terms (key, IV, nonce) you mentioned, and another, the salt, basically describe random numbers and each term is used in another context. The key is used as input for a cryptographic primitive and should be kept secret.

A nonce is a random number only used once and for a short time with the intention to get replaced by or converted into something better. A initialization vector is also used as input for a cryptographic primitive to achieve randomization of normally deterministic primitives. Stream ciphers are called stateful where the same key is used for many states and the nonces are used to ensure different key streams. For this reason, we use IVs for the modes of operations of block ciphers but nonces for stream ciphers. This is a little bit confusing when we talk about AES-CTR because we use the term IV for the block cipher and the term nonce+counter for the state of the stream cipher.

For the sake of completeness, a salt is also some kind of initialization vector for one-way functions but with the goal to achieve additional entropy for low-entropy inputs, e.g. password hashing.

Related Questions

Navigate

• Browse (All)
• Browse W
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.