On 03.11.2015 at 02:43, Jeffrey Walton wrote:
>
> Does anything break by extending CryptoPP::GCM by a resynchronize
> method which does not change the iv, like:
>
> |
> classCtrNonceGCMEncryption:publicCryptoPP::GCM<CryptoPP::AES
> >::Encryption{
> public:
> voidResynchronize(){m_state =State_IVSet;}
> };
> |
>
> and using this method instead (as well as in Decryption)? This
> would save on random nonce generation and transmission.
>
>
> Sorry to dig up an old thread....
>
> There _can_ be another small risk when using GCM mode. I learned about
> it when researching non-constant time increment functions. For
> information on it, see "Should Increment functions be near-constant
> time?", http://crypto.stackexchange.com/q/30261/10496.
>
> I looked at the library's GCM code, and we might want to place a
> mitigation.
I'm definitely voting for a mitigation.
We're a crypto library and thereby can't tolerate (potential) security
issues, especially if they are related to GCM - the most advertised mode.
The how of the mitigation is a more difficult question though.
I'm currently running tests concerning poncho's proposal using an
extensive configuration and expect results the next day.
I'll report back once I know the implied overhead.
BR
JPM
>
> Jeff
> --
> --
> You received this message because you are subscribed to the "Crypto++
> Users" Google Group.
> To unsubscribe, send an email to
> [email protected].
> More information about Crypto++ and this group is available at
> http://www.cryptopp.com.
> ---
> You received this message because you are subscribed to the Google
> Groups "Crypto++ Users" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to [email protected]
> <mailto:[email protected]>.
> For more options, visit https://groups.google.com/d/optout.
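An added example for the increment-timing point raised above; it is not Crypto++ code and not code from anyone in this thread. It writes GCM's 32-bit counter increment (inc32 over the last four bytes of the counter block) once as an early-exit loop, whose number of byte operations depends on the counter value, and once as a constant-time loop with no data-dependent branch. The nonce bytes and all function names are constructed for the example.

```cpp
#include <array>
#include <cstdint>
#include <cstring>

using Block = std::array<uint8_t, 16>;

// Variable-time inc32: stops as soon as a byte does not carry. The returned
// step count is a proxy for running time and depends on the counter value.
// (Constructed illustration of the pattern, not library code.)
int inc32_early_exit(Block &ctr) {
    int steps = 0;
    for (int i = 15; i >= 12; --i) {
        ++steps;
        if (++ctr[i] != 0) break;  // no carry: leave the loop early
    }
    return steps;
}

// Constant-time inc32: always visits all four counter bytes and propagates the
// carry arithmetically, so there is no branch on the counter's value. The
// final carry is dropped, which is the mod 2^32 wrap GCM specifies.
void inc32_constant_time(Block &ctr) {
    unsigned carry = 1;
    for (int i = 15; i >= 12; --i) {
        unsigned sum = static_cast<unsigned>(ctr[i]) + carry;
        ctr[i] = static_cast<uint8_t>(sum);
        carry = sum >> 8;  // 1 iff this byte wrapped
    }
}

// Counter block with 12 constructed nonce bytes followed by the big-endian
// 32-bit counter field (the J0 layout GCM uses with a 96-bit IV).
Block make_block(uint32_t counter) {
    Block b{};
    for (int i = 0; i < 12; ++i) b[i] = static_cast<uint8_t>(0xA0 + i);
    b[12] = static_cast<uint8_t>(counter >> 24); b[13] = static_cast<uint8_t>(counter >> 16);
    b[14] = static_cast<uint8_t>(counter >> 8);  b[15] = static_cast<uint8_t>(counter);
    return b;
}

uint32_t counter_value(const Block &b) {
    return (uint32_t(b[12]) << 24) | (uint32_t(b[13]) << 16) | (uint32_t(b[14]) << 8) | b[15];
}

// Helpers that return checkable values for a given starting counter.
int early_exit_steps(uint32_t c) { Block b = make_block(c); return inc32_early_exit(b); }
uint32_t next_counter_ct(uint32_t c) { Block b = make_block(c); inc32_constant_time(b); return counter_value(b); }
bool nonce_untouched_ct(uint32_t c) {
    Block b = make_block(c), orig = b;
    inc32_constant_time(b);
    return std::memcmp(b.data(), orig.data(), 12) == 0;  // IV bytes never change
}
```

The step count only shows the source-level difference; whether the compiled code is branch-free has to be confirmed on the generated instructions.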