Comment by hatsunearu
1 year ago
Is the statement just that if you use a random value for a nonce rather than some guaranteed never-used-once value, it's possible to get a collision faster than the "natural" block collision complexity (half block size or something like that)?
It's the birthday attack principle. With only 96 bits, after roughly a billion messages under the same key with random IVs, you start reaching realistic probabilities that you will reuse an IV.
And how will you get a billion messages at 1 frame per second?
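The birthday-bound reasoning in the thread, worked through in code. This is an added example, not part of any comment above: it computes the probability that n random 96-bit nonces under one key contain a repeat using the standard approximation 1 - exp(-n(n-1)/2^(b+1)), inverts it to get the message count for a target probability, checks the approximation empirically with a deliberately tiny nonce space (a constructed toy parameter, not a real cipher), and converts a message count into wall-clock time at a given frame rate. The 2^32-invocation figure in the comments is the limit NIST SP 800-38D places on GCM with random 96-bit IVs under a single key.

```python
import math
import secrets


def collision_probability(n: int, bits: int) -> float:
    """Probability that at least two of n uniformly random `bits`-bit nonces
    are equal. Uses 1 - exp(-n(n-1) / (2 * 2^bits)), which is accurate while
    n is far below 2^bits (always the case for 96-bit nonces in practice)."""
    space = 2 ** bits
    exponent = -(n * (n - 1)) / (2 * space)
    return -math.expm1(exponent)  # 1 - exp(x), stable for tiny |x|


def messages_for_probability(p: float, bits: int) -> int:
    """Smallest n for which the collision probability reaches p, obtained by
    inverting the approximation: n(n-1)/2 ~= -ln(1-p) * 2^bits."""
    space = 2 ** bits
    return math.ceil(math.sqrt(-2.0 * space * math.log1p(-p)))


def simulate_reuse_rate(trials: int, n: int, bits: int) -> float:
    """Empirical fraction of trials in which n random `bits`-bit nonces repeat.
    Only feasible for toy nonce sizes; used here to sanity-check the formula."""
    hits = 0
    for _ in range(trials):
        seen = set()
        for _ in range(n):
            nonce = secrets.randbits(bits)
            if nonce in seen:
                hits += 1
                break
            seen.add(nonce)
    return hits / trials


def years_to_send(n_messages: int, rate_per_second: float) -> float:
    """Wall-clock years needed to emit n_messages at a constant rate
    (uses a 365.25-day year)."""
    return n_messages / rate_per_second / 31_557_600


if __name__ == "__main__":
    BITS = 96
    for n in (2 ** 30, 2 ** 32):
        print(f"{n:>12} random {BITS}-bit IVs: "
              f"P(reuse) ~= 2^{math.log2(collision_probability(n, BITS)):.1f}")
    print(f"50% reuse needs about {messages_for_probability(0.5, BITS):.3g} messages")
    # Toy check: 16-bit nonces, 256 per trial -> formula predicts ~0.39.
    print(f"formula: {collision_probability(256, 16):.3f}  "
          f"simulated: {simulate_reuse_rate(2000, 256, 16):.3f}")
    print(f"1e9 frames at 1 frame/s takes {years_to_send(10**9, 1):.1f} years")
```

At a billion messages (about 2^30) the reuse probability with a 96-bit random IV is around 2^-37, and at NIST's 2^32 ceiling it is around 2^-33; the 50% point is near 2^48.6 messages. The toy simulation with 16-bit nonces lands within sampling noise of the formula, which is the check worth running before trusting the approximation at sizes you cannot simulate.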