Yeah we can hear you

I can hear you

Yep

all good

I can see the slides as well

Nonce is the same for both encrypthing and decrypting right?

Yeah

Thx

Why is the nonce necessary if the cipher is not reversible without the secret key?

In case someone intercepts the message and tries to figure out the key themself

This way the key is slightly different each time in case it is no longer secure

The nonce introduces randomness into the message, so that if you send the same message, you still get a different ciphertext

xor again to decrypt

We can decrypt it by XORing it with the key

could you make this multi-use by adding a nonce to the key?

you could xor them?

If you were encrypting something that does have entropy like say a bank account number, would this attack still work if you had enough ciphertexts?

Is this the same problem as using a one-time pad multiple times?

c1 = c2

They would also be the same

a nonce?

What's the range of IVs given a 128-bit key?

If anyone can compute a tag then anyone can mimic that tag

Then you can modify the message and insert the hash for the modified message

to clarify, bob and alice has two keys one for the message and one for the tag?

Is S for secret?

Define authenticity

So for that to work you would encrypt the payload and then compute the mac on the concatenation of the packet headers and the encrypted part of the payload?

how is the shared key initially shared securely?

Alice encrypts the shared key with bobs public key

Thank you!

Thank you!

thank you!

Interesting lecture. Thank you!

Thanks so much!