1

I would like to use Tink in order to replace Sodium-JNI on Android. Tink seems to be great and really easy to use. But I have one problem. In my use case I have to exchange XChaCha20Poly1305 encrypted messages with other peers and the peers only send certain parts of the nonce, not the whole 24 bytes. This shortened nonce is then used to recover/derive the complete 24 nonce bytes. That's why I would need full control over the used nonce and to set a custom nonce for encryption instead of using encryption with random nonces chosen by Tink. Is there an easy way to use my custom nonces with XChaCha20Poly1305 in Tink?

Thanks in advance and regards Bruno

Bruno Hase

1 Answer

-1

Using a shortened nonce is not recommended. The shorter the nonces, the less security you'd get from encryption.

This is one of the reasons we don't want users to use their own nonces. Another reason is if you reuse nonces, you'd leak plaintext.

Hope that helps, Thai.

Thai Duong
  • Thanks for your answer. I know about the implications of using shorter nonces, and of reusing them. But they will not be reused in the same constellation of peers and keys. Nevertheless, it is part of the protocol used by the peers I want to talk to, and that's why it is the protocol I want/need to use, i.e., I'm bound to it. – Bruno Hase Jan 18 '19 at 01:19
  • Thanks for the context, Bruno. I'm afraid you cannot use Tink for this purpose though. – Thai Duong Jan 18 '19 at 01:29
  • Okay. I'm working on a solution that will make it possible, but it is not the handiest solution, since I will have to maintain the code with every update of Tink or at least check if this solution would still be compatible with current versions of Tink. Although your answer is not very satisfying, it does answer my question. Thanks again for that :). Bruno – Bruno Hase Jan 18 '19 at 20:14