Add base_key to uniqueness requirement #179

Merged
merged 1 commit into from
Dec 5, 2023
13 changes: 7 additions & 6 deletions draft-ietf-sframe-enc.md
Expand Up @@ -1064,12 +1064,13 @@ order for SFrame to operate securely.

## Header Value Uniqueness

Applications MUST ensure that each (KID, CTR) combination is used for at most
one SFrame encryption operation. Typically this is done by assigning each sender
a KID or set of KIDs, then having each sender use the CTR field as a monotonic
counter, incrementing for each plaintext that is encrypted. In addition to its
simplicity, this scheme minimizes overhead by keeping CTR values as small as
possible.
Applications MUST ensure that each (`base_key`, KID, CTR) combination is used
for at most one SFrame encryption operation. This ensures that the (key, nonce)
pairs used by the underlying AEAD algorithm are never reused. Typically this is
done by assigning each sender a KID or set of KIDs, then having each sender use
the CTR field as a monotonic counter, incrementing for each plaintext that is
encrypted. In addition to its simplicity, this scheme minimizes overhead by
keeping CTR values as small as possible.

## Key Management Framework
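
Review bot: The guidance sentence beginning "Typically this is done by assigning each sender a KID or set of KIDs" still covers only KID and CTR, although the requirement in the first sentence of the paragraph is now on the (`base_key`, KID, CTR) triple. Consider adding a sentence on the `base_key` side of the requirement, for example that a sender may restart its CTR sequence for a KID only when a fresh `base_key` has been installed for that KID, and that a `base_key` must not be provisioned again under a KID whose counter has already advanced. The new sentence "This ensures that the (key, nonce) pairs used by the underlying AEAD algorithm are never reused" would also be easier to check with a cross-reference to the section that defines how the key and nonce are derived from these three values.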
