Why Symmetric Encryption and AEAD Are Dangerous When nonce Is Wrong
Device communication designs often say “encrypt it with AES”. That is too vague.
The real questions are: only encrypt, or also authenticate? Can tampering be detected? Is replay handled? Where does nonce come from? Can the device reuse nonce after power loss?
Modern protocols usually use AEAD instead of raw encryption.
AEAD = Authenticated Encryption with Associated Data
= encryption + integrity authentication + optional authenticated cleartext context
Common AEAD algorithms include:
Read More