zoom/zoom-e2e-whitepaper

AES GCM IV usage limit and selection

Closed this issue · 2 comments

The whitepaper mentions AES GCM is used but doesn't describe how the IV is selected and whether thought has been given to the 64 GiB limit that a single IV + key combination can encrypt before becoming dangerous. I figure this has been thought about, so it would be nice to see it mentioned in the whitepaper 😄


Thanks for the question. The IV used for AES-GCM is a simple 96-bit counter that increments per packet. Packets are much smaller than 64 GiB, and the implementation throws an error in the unlikely case that the counter overflows, to avoid reuse.
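The scheme described in the reply above, sketched as an added example that is not part of the thread and not Zoom's implementation: a per-key 96-bit packet counter that fails instead of wrapping, plus the per-IV plaintext bound behind the 64 GiB figure. The names `PacketIvCounter`, `NonceExhausted` and `next_iv`, the big-endian encoding and the starting value of 0 are assumptions.

```python
# Added illustration; class and function names are hypothetical, not Zoom's code.
IV_BITS = 96        # IV width stated in the reply
GCM_BLOCK = 16      # AES block size in bytes
# With a 96-bit IV, GCM forms each counter block as IV || 32-bit block counter.
# Counter value 1 is reserved for masking the tag, so data blocks use 2 .. 2^32 - 1.
GCM_MAX_PLAINTEXT = (2**32 - 2) * GCM_BLOCK   # 2^36 - 32 bytes, just under 64 GiB


class NonceExhausted(Exception):
    """Raised instead of wrapping, which would repeat an IV under the same key."""


class PacketIvCounter:
    """Per-key 96-bit IV counter: one fresh value per packet, never reused."""

    def __init__(self, start=0, limit=2**IV_BITS):
        # `limit` is a parameter only so exhaustion can be exercised in tests.
        if not 0 <= start <= limit <= 2**IV_BITS:
            raise ValueError("start/limit outside the 96-bit IV space")
        self._next = start
        self._limit = limit

    def next_iv(self, packet_len):
        """Return the 12-byte IV for one packet of packet_len plaintext bytes."""
        if packet_len > GCM_MAX_PLAINTEXT:
            raise ValueError("packet exceeds the per-IV GCM plaintext limit")
        if self._next >= self._limit:
            raise NonceExhausted("IV counter exhausted; a new key is required")
        iv = self._next.to_bytes(IV_BITS // 8, "big")  # byte order is an assumption
        self._next += 1
        return iv


if __name__ == "__main__":
    ctr = PacketIvCounter()
    # Constructed sample: three 1200-byte packets get three distinct IVs.
    print([ctr.next_iv(1200).hex() for _ in range(3)])
```
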