1

If two parties (Say A and B) have a shared secret key (K), is there any way for each party to use the shared secret key to generate nonce(N) sequence which is equal on both sides without having to send the nonce value between them?

I am thinking of having an initial counter (C) that is shared between those parties and then use symmetric key to derive the subsequent nonces. A and B would perform: N0 = {C}K N1 = {N0}K N2 = {N1}K .... Nn = {Nn-1}K

If i want unpredictability property for the nonce created, is it secure to do it this way?

The nonce is intended to derive key sessions generated by A to allow other party to access B.

user1677104
  • 113
  • 2

1 Answers1

1

Yes, you can chain the nonces as you described, if {}K is a secure pseudo-random function such as HMAC.

If you use HMAC, keyed with K, as your function on the nonces (H_K(N_n)), an attacker can not predict the nonces as he would be able to selectively forge HMAC tags as well, which is impossible even if you use HMAC-MD5 (while MD5 itself is severely broken, better hashes stand even better), if you don't know the key.

SEJPM
  • 9,540
  • 6
  • 37
  • 67