Search code examples
.netaesencryption-symmetricencryption-asymmetricinitialization-vector

How many times can AesCryptoServiceProvider.GenerateIV be safely called before exhausting the number of unique IVs?

I am confused. According to the below my IV "MUST" be unique for every round of encryption.

Properties of an IV depend on the cryptographic scheme used. A basic requirement is uniqueness, which means that no IV may be reused under the same key. For block ciphers, repeated IV values devolve the encryption scheme into electronic codebook mode: equal IV and equal plaintext result in equal ciphertext. - https://en.wikipedia.org/wiki/Initialization_vector

I am using the .NET AesCryptoServiceProvider class. I am using GenerateIV to generate a new IV and sending that IV along with the cipher text to a remote endpoint which will then decrypt the packet using the IV and privately shared key.

My packet is XML, and thus will always start with the same leading text. (e.g. "<SomeTag ...>unique_text</SomeTag>")

My key might live over thousands of encrypt/decrypt cycles during the five to ten minute life of the key. How many times can I call GenerateIV before I generate the same IV twice? Or phrased another way, how many cycles is GenerateIV good for? Five, ten, hundreds, thousands, millions?

Here is the code in question:

_sessionKeys[_currentSessionKeyId].GenerateIV();
var key = _sessionKeys[_currentSessionKeyId].Key;
var iv = _sessionKeys[_currentSessionKeyId].IV;

ICryptoTransform encryptor = _sessionKeys[_currentSessionKeyId].CreateEncryptor(key,iv);

It seems that given that the IV generated by AesCryptoServiceProvider.GenerateIV is of finite size, then the number of times it can be called before generating a duplicate IV is also finite. But what is that finite number.

Solution

  • There is 128 bits (16 bytes) in a IV. According to the Wikipeda page on the Birthday Attack (the probability you will see a repeated value pulling randomly from a pool) to have a 0.0000000000000001% chance of seeing any number twice you must call the function about 26,000,000,000 times. To get it to be a 1% chance any number is seen twice you must call it 2,600,000,000,000,000,000 times.

    This assumes GenerateIV has a "good" random number generator that gives a even distribution, which it should have.