A nonce is a cryptographic input value which must never repeat within a given context. Nonces are important for the security of many cryptographic building blocks, such as stream ciphers, block cipher modes of operation, and message authentication codes. Nonetheless, the correct generation of nonces is rarely discussed in the cryptographic literature. In this paper, we collect a number of nonce generators and describe their cryptographic properties. In particular, we derive upper bounds on the nonce collision probabilities of nonces that involve a random component, and lower bounds on the resulting nonce lengths. We also discuss an important practical vulnerability of nonce-based systems, namely the nonce reset problem. While ensuring that nonces never repeat is trivial in theory, practical systems can suffer from accidental or even malicious resets which can wipe out the nonce generator's current state. After describing this problem, we compare the resistance of the nonce generators described to nonce resets by again giving formal bounds on collision probabilities and nonce lengths. The main purpose of this paper is to provide help for system designers who have to choose a suitable nonce generator for their application. Thus, we conclude by giving recommendations indicating the most suitable nonce generators for certain applications.