W3C home > Mailing lists > Public > xml-encryption@w3.org > November 2001

Nonce Handling

From: Dournaee, Blake <bdournaee@rsasecurity.com>
Date: Sun, 4 Nov 2001 17:09:05 -0800
Message-ID: <E7B6CB80230AD31185AD0008C7EBC4D202A1B67D@exrsa01.rsa.com>
To: XML Encryption WG <xml-encryption@w3.org>
Hello All,

I am still unclear on how the nonce value is dealt with in <CipherData>. The
schema definition says that the attribute value is supposed to be Base-64
encoded binary value, but there is no mention of the actual value itself. Is
it just an integer length of the nonce? If so, why even bother with encoding
it?

Also, this sentence is confusing (Section 3.2):

"The optional Nonce attribute specifies the presence and length of a nonce
value that is prepended to the CipherValue or data identified by the
CipherReference"

This isn't exactly correct - the nonce is prepended to the plain-text, not
the cipher text, correct? (Maybe I am wrong.)


Blake Dournaee
Toolkit Applications Engineer
RSA Security
 
"The only thing I know is that I know nothing" - Socrates
 
 


-----Original Message-----
From: Christian Geuer-Pollmann
[mailto:geuer-pollmann@nue.et-inf.uni-siegen.de]
Sent: Saturday, November 03, 2001 2:28 AM
To: XML Encryption WG
Cc: Joseph Reagle
Subject: Encrypting IV in ECB


Hi all,

about the use of the IV in block encryption in CBC mode: 
[Menezes/Orschoot/Vanstone] state in Remark 7.16 (integrity if IV in CBC):

  "While the IV in the CBC mode need not be secret, its
   integrity should be protected, since malicious
   modifications thereof allows an adversary to make
   predictable bit changes to the first plaintext
   block recovered."

Suggestion:

If we encrypt the IV in Electronic Codebook Mode (ECB), we ensure that 
modifications on the bit layer will break decryption of the complete block.

  "ALGORITHM is used in the Cipher Block Chaining
   (CBC) mode with a ALGO_KEY_BIT_LENGTH bit
   Initialization Vector (IV). <ADD>The IV is
   encrypted in ECB mode.</ADD> The resulting
   cipher text is prefixed by the
   <ADD>encrypted</ADD> IV."

Does this make sense to you?

Best regards,
Christian

[Menezes/Orschoot/Vanstone] Handbook of applied cryptography, page 230
Received on Sunday, 4 November 2001 20:09:12 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:19 GMT