Reputation: 354
This is a pretty straightforward question which concerns the initialization vector (IV) when using symmetric encryption (e.g. AES) together with, say, CBC.
My question: Should the IV change for each new plaintext or does it suffice to create one for each new session?
At the moment I'm using Java for my implementation and the Cipher class, and I noticed that it indeed creates a new IV the first time; however, that same IV is also used for later plaintexts as well.
Perhaps there are some reading resources about this topic?
Thanks :)
Upvotes: 2
Views: 1814
Reputation: 94078
Note: this answer is only about the IV in CBC mode encryption.
You need to create a new IV for each separate encryption "session" with the same key. For an IV to be cryptographically secure it should be indistinguishable from a random number to the attacker. Java by default uses a zero IV, which means you should not reuse the key to create other cipher texts.
So no, you should not reuse the session without setting a new IV. Basically, the only thing that is secure for any protocol is the source below. There are ways of creating a secure IV using other information in a protocol, but I won't go into that.
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// sk is the shared AES SecretKey (e.g. from KeyGenerator.getInstance("AES").generateKey())
Cipher aes = Cipher.getInstance("AES/CBC/PKCS5Padding");
// repeat this for each cipher text: a fresh, unpredictable IV for every message encrypted under sk
byte[] ivBytes = new byte[aes.getBlockSize()];
SecureRandom rnd = new SecureRandom();
rnd.nextBytes(ivBytes);
aes.init(Cipher.ENCRYPT_MODE, sk, new IvParameterSpec(ivBytes));
// now prepend the ivBytes to the output, e.g. by writing it to a stream first
// remove and use as IV at the receiving side: aes.init(Cipher.DECRYPT_MODE, sk, new IvParameterSpec(ivBytes))
[EDIT]: Forgot about the shorthand notation for this:
aes.init(Cipher.ENCRYPT_MODE, sk, new SecureRandom()); // in ENCRYPT_MODE the provider generates the IV itself
byte[] ivBytes = aes.getIV();                          // fetch it and prepend it to the output as above
Note that the code above does not provide integrity protection.
Upvotes: 3
Reputation: 7786
In CBC, for maximum security the IV must be unpredictable.
"Should the IV change for each new plaintext or does it suffice to create one for each new session?"
It's not totally clear to me what meaning you give to "plaintext" and to "session".
If you mean that for each session there is a new, fresh key, and that the data exchanged is chopped up into pieces and then encrypted, then CBC will typically be applied to the whole chain of pieces, meaning that the ciphertext block of piece P(n-1) can be used as IV for piece P(n). You therefore need only one IV for the whole session.
Perhaps there is some reading resources about this topic?
Sure, NIST SP 800-38A, section 6.2.
Upvotes: 4
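Both answers in one runnable piece, as an added example that is not code from either answer or from the question. It is written in Go rather than Java so that it runs stand-alone on the standard library; the mechanics are the same as the Java snippet above (the receiver gets the IV by prepending it, and passes it back in via IvParameterSpec). Assumptions that are mine, not the page's: the two 16-byte sample keys and the message are constructed test data, the integrity protection the first answer says it lacks is supplied here as HMAC-SHA256 over IV||ciphertext with the layout IV || ciphertext || tag (encrypt-then-MAC), and the "session" of the second answer is modelled as block-aligned pieces fed through one CBC encrypter. cbcEncryptWithIV deliberately takes a fixed IV to show the leak: with the same key and IV, equal plaintexts give equal ciphertexts.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// PKCS#7 padding, which is what Java's "PKCS5Padding" means for AES.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) { // caller guarantees len(b) > 0 and block alignment
	n := int(b[len(b)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	return b[:len(b)-n], nil
}

// Raw CBC with a caller-supplied IV: same key, IV and plaintext always give the same ciphertext, which is what IV reuse leaks.
func cbcEncryptWithIV(block cipher.Block, iv, plaintext []byte) []byte {
	padded := pkcs7Pad(plaintext)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out
}

// The first answer's scheme plus the integrity protection it notes is missing: a fresh random IV per message,
// sent in front of the ciphertext, then HMAC-SHA256 over IV||ciphertext (encrypt-then-MAC). Layout: IV || ct || tag.
func Encrypt(block cipher.Block, macKey, plaintext []byte) ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	msg := append(iv, cbcEncryptWithIV(block, iv, plaintext)...)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(msg)
	return mac.Sum(msg), nil // Sum appends the tag to msg
}

// Decrypt verifies the tag first, then strips the IV off the front and uses it (the receiving side of the answer).
func Decrypt(block cipher.Block, macKey, msg []byte) ([]byte, error) {
	n := len(msg) - sha256.Size - aes.BlockSize // ciphertext length
	if n <= 0 || n%aes.BlockSize != 0 {
		return nil, errors.New("bad message length")
	}
	body, tag := msg[:len(msg)-sha256.Size], msg[len(msg)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) {
		return nil, errors.New("MAC mismatch: modified message or wrong key")
	}
	iv, ct := body[:aes.BlockSize], body[aes.BlockSize:]
	pt := make([]byte, n)
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	return pkcs7Unpad(pt)
}

// EncryptChunked is the second answer's session model: block-aligned pieces go through ONE CBC encrypter,
// which carries the last ciphertext block forward as the next piece's effective IV; only the final piece is
// padded. One IV serves the whole session and the output equals one-shot CBC of the joined pieces.
// (A real implementation would buffer partial blocks between pieces; CryptBlocks panics on unaligned input.)
func EncryptChunked(block cipher.Block, iv []byte, pieces [][]byte) []byte {
	enc := cipher.NewCBCEncrypter(block, iv)
	var out []byte
	for i, p := range pieces {
		if i == len(pieces)-1 {
			p = pkcs7Pad(p)
		}
		buf := make([]byte, len(p))
		enc.CryptBlocks(buf, p)
		out = append(out, buf...)
	}
	return out
}

func main() {
	block, _ := aes.NewCipher([]byte("0123456789abcdef")) // constructed sample keys, not for real use
	macKey, zeroIV, msg := []byte("fedcba9876543210"), make([]byte, aes.BlockSize), []byte("attack at dawn")
	fmt.Println("reused IV, equal ciphertexts:", bytes.Equal(cbcEncryptWithIV(block, zeroIV, msg), cbcEncryptWithIV(block, zeroIV, msg)))
	c1, _ := Encrypt(block, macKey, msg)
	c2, _ := Encrypt(block, macKey, msg)
	pt, err := Decrypt(block, macKey, c1)
	fmt.Printf("fresh IVs, equal ciphertexts: %v; decrypt: %q err=%v\n", bytes.Equal(c1, c2), pt, err)
	c1[aes.BlockSize+3] ^= 1 // flip one ciphertext bit: the MAC must reject it
	_, err = Decrypt(block, macKey, c1)
	fmt.Println("tampered:", err)
	a, b := []byte("0123456789abcdef"), []byte("tail")
	fmt.Println("chunked == one-shot:", bytes.Equal(EncryptChunked(block, zeroIV, [][]byte{a, b}), cbcEncryptWithIV(block, zeroIV, append(append([]byte{}, a...), b...))))
}
```

The all-zero IV in the first check plays the role of the reused IV the first answer warns about: two encryptions of "attack at dawn" come out identical, so an observer learns that the messages are equal. Encrypt never hits that case because every call draws a new IV and ships it with the ciphertext, and Decrypt refuses anything whose tag does not verify, so the CBC padding oracle that unauthenticated CBC invites never gets to run. EncryptChunked shows why the second answer needs only one IV per keyed session: the encrypter's internal chaining state is the "IV" of each following piece. If the platform offers an authenticated mode such as AES-GCM, that replaces the CBC+HMAC pairing here with one primitive.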