Hi, On 2021-05-27 16:55:29 -0400, Robert Haas wrote: > No. You're confusing what I was saying here, in the contents of your > comments about the limitations of AES-GCM-SIV, with the discussion > with Bruce about nonce generation.
Ah. I think the focus on LSNs confused me a bit. FWIW: Nist guidance on IVs for AES GCM (surprisingly readable): https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf AES-GCM-SIV (harder to read): https://eprint.iacr.org/2017/168.pdf Greetings, Andres Freund
