Rewrite mention of replay attacks in nonce section
divergentdave committed Nov 1, 2024
1 parent 9ea5133 commit a16c6b5
Showing 1 changed file with 3 additions and 5 deletions.
8 changes: 3 additions & 5 deletions draft-irtf-cfrg-vdaf.md
Expand Up @@ -5692,11 +5692,9 @@ required in order to leverage security analysis for the privacy definition of
report. Uniqueness of the nonce is not sufficient because the verification key
is controlled by the attacker.

Other security considerations may require the nonce to be non-repeating in a
given context. For example, to achieve differential privacy it is necessary to
avoid "over exposing" a report by including it too many times in a single batch
or across multiple batches. It is RECOMMENDED that the nonce generated by the
Client be used by the Aggregators for replay protection.
Applications will need to protect against replay attacks to prevent disallowed
re-use of reports (see {{agg-param-security}}). It is RECOMMENDED that the
nonce generated by the Client be used by the Aggregators for replay protection.

## The Public Share

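Review bot: The replacement paragraph drops the only concrete motivation the section gave for nonce non-repetition (the differential-privacy "over exposing" case of including a report too many times in one batch or across batches) and replaces it with "disallowed re-use of reports (see {{agg-param-security}})"; that reads as a forward reference with no content of its own, so please confirm the `agg-param-security` anchor exists in this draft and that the section actually covers re-use across batches as well as within a batch, otherwise the cross-batch case is lost. The new text also sits directly after "Uniqueness of the nonce is not sufficient because the verification key is controlled by the attacker", which makes the RECOMMENDED clause about using the nonce for replay protection read as disconnected from the uniqueness discussion; consider one bridging sentence such as "Replay protection in turn relies on the Client choosing a distinct nonce for each report." so the reader sees why the nonce is the right handle for Aggregators to key replay detection on.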
