
Nonce Generators and the Nonce Reset Problem

  • Conference paper
Information Security (ISC 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5735)

Abstract

A nonce is a cryptographic input value which must never repeat within a given context. Nonces are important for the security of many cryptographic building blocks, such as stream ciphers, block cipher modes of operation, and message authentication codes. Nonetheless, the correct generation of nonces is rarely discussed in the cryptographic literature.

In this paper, we collect a number of nonce generators and describe their cryptographic properties. In particular, we derive upper bounds on the nonce collision probabilities of nonces that involve a random component, and lower bounds on the resulting nonce lengths.

We also discuss an important practical vulnerability of nonce-based systems, namely the nonce reset problem. While ensuring that nonces never repeat is trivial in theory, practical systems can suffer from accidental or even malicious resets which can wipe out the nonce generator's current state. After describing this problem, we compare the resistance of the described nonce generators to nonce resets, again giving formal bounds on collision probabilities and nonce lengths.
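The two points above (collision bounds for nonces with a random component, and what a state reset does to a generator) can be made concrete in code. The following Python is an added illustration, not code from the paper or its author: it computes the standard birthday-style upper bound on the collision probability of uniformly random nonces, the smallest nonce length that meets a target probability, and then simulates three textbook generator constructions (pure counter, pure random, random prefix followed by a counter) under repeated state loss. The generator designs, class names and all numeric parameters are assumptions chosen for this example; they are not the paper's own generators or bounds.

```python
"""Added illustration: collision bounds for random nonces, and what a state
reset does to different nonce generators. The generator constructions are
standard textbook designs chosen for this example, not the paper's own;
every number below is constructed for the demonstration."""
import secrets


def collision_bound(n_nonces: int, nonce_bits: int) -> float:
    """Upper bound on Pr[two of n uniformly random b-bit nonces coincide].

    Union bound over the n(n-1)/2 pairs, each colliding w.p. 2^-b:
        Pr[collision] <= n(n-1) / 2^(b+1)
    This is the usual birthday-style bound (an upper bound, not exact).
    """
    return n_nonces * (n_nonces - 1) / 2 ** (nonce_bits + 1)


def min_random_nonce_bits(n_nonces: int, max_collision_prob: float) -> int:
    """Smallest nonce length (bits) at which the bound meets the target.

    E.g. 2^32 nonces at collision probability <= 2^-32 need 95 bits,
    since n(n-1) < 2^64 and 2^64 / 2^96 = 2^-32.
    """
    bits = 1
    while collision_bound(n_nonces, bits) > max_collision_prob:
        bits += 1
    return bits


class CounterNonce:
    """Nonce = counter. Unique while state survives; a reset restarts the
    counter at 0, so every nonce of the next epoch repeats an old one."""

    def __init__(self, nonce_bits: int):
        self.nonce_bits = nonce_bits
        self.reset()

    def reset(self) -> None:
        self.counter = 0  # models accidental or malicious loss of state

    def next_nonce(self) -> int:
        self.counter += 1
        if self.counter >= 2 ** self.nonce_bits:
            raise RuntimeError("counter space exhausted; rekey first")
        return self.counter


class RandomNonce:
    """Nonce = fresh random value. Stateless, so a reset changes nothing;
    the collision risk is governed purely by collision_bound()."""

    def __init__(self, nonce_bits: int):
        self.nonce_bits = nonce_bits

    def reset(self) -> None:
        pass

    def next_nonce(self) -> int:
        return secrets.randbits(self.nonce_bits)


class RandomPrefixCounterNonce:
    """Nonce = random_prefix || counter, with a fresh prefix drawn at start-up
    and after every reset. A repeat then requires two epochs to draw the same
    prefix, so the reset risk depends on prefix length and number of epochs,
    not on how many messages each epoch sends."""

    def __init__(self, prefix_bits: int, counter_bits: int):
        self.prefix_bits = prefix_bits
        self.counter_bits = counter_bits
        self.reset()

    def reset(self) -> None:
        self.prefix = secrets.randbits(self.prefix_bits)
        self.counter = 0

    def next_nonce(self) -> int:
        self.counter += 1
        if self.counter >= 2 ** self.counter_bits:
            raise RuntimeError("counter space exhausted; rekey first")
        return (self.prefix << self.counter_bits) | self.counter


def reset_collision_bound(epochs: int, prefix_bits: int) -> float:
    """Bound for RandomPrefixCounterNonce over `epochs` epochs (initial run
    plus one per reset), assuming no epoch exhausts its counter: the only
    way to collide is a prefix collision, i.e. the birthday bound on prefixes."""
    return collision_bound(epochs, prefix_bits)


def count_collisions(generator, messages_per_epoch: int, resets: int) -> int:
    """Simulate `resets` state losses and count nonces that repeat an earlier
    one anywhere in the run (what a stream cipher or AEAD mode would see)."""
    seen, collisions = set(), 0
    for epoch in range(resets + 1):
        if epoch > 0:
            generator.reset()
        for _ in range(messages_per_epoch):
            nonce = generator.next_nonce()
            if nonce in seen:
                collisions += 1
            seen.add(nonce)
    return collisions


if __name__ == "__main__":
    print("bits for 2^32 random nonces at 2^-32 risk:",
          min_random_nonce_bits(2 ** 32, 2 ** -32))
    for name, gen in [("counter", CounterNonce(32)),
                      ("random", RandomNonce(96)),
                      ("prefix||counter", RandomPrefixCounterNonce(64, 32))]:
        print(f"{name:16s} collisions after 3 resets:",
              count_collisions(gen, 100, 3))
    print("prefix-collision bound, 4 epochs, 64-bit prefix:",
          reset_collision_bound(4, 64))
```

Running the script shows the asymmetry the abstract points at: the pure counter is collision-free only until the first reset, after which every nonce of the new epoch repeats an old one, while the two constructions with a random component survive resets at the cost of a longer nonce whose length must be sized from the bound for the expected number of messages or epochs.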

The main purpose of this paper is to provide help for system designers who have to choose a suitable nonce generator for their application. Thus, we conclude by giving recommendations indicating the most suitable nonce generators for certain applications.


Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zenner, E. (2009). Nonce Generators and the Nonce Reset Problem. In: Samarati, P., Yung, M., Martinelli, F., Ardagna, C.A. (eds) Information Security. ISC 2009. Lecture Notes in Computer Science, vol 5735. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-04474-8_33

  • DOI: https://doi.org/10.1007/978-3-642-04474-8_33

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-04473-1

  • Online ISBN: 978-3-642-04474-8

  • eBook Packages: Computer Science (R0)
