I'm implementing a protocol which needs a 64-bit IV for every encrypted packet. The cipher in use (AES-GCM, more or less as specified in RFC 4106) does not require that these IVs are random, only that they are not repeated for any given key. However, the protocol imposes the additional requirement that every byte on the wire be statistically indistinguishable from randomness.
What I need, therefore, is a PRNG that produces successive 64-bit numbers, and is guaranteed not to repeat itself until all 2^64 possibilities are exhausted. I don't think this PRNG has to be cryptographically secure, but I imagine it would not hurt. I would seed this PRNG at the same time as I generate the AES key (which is a short-lived session key) from a source of true randomness.
What PRNG algorithm should I use?
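As an added illustration (this is not code from the question or from any answer on this page), here is one construction that meets the two stated requirements: a keyed 64-bit pseudorandom permutation applied to a plain counter. Because the keyed map is a bijection on 64-bit values, the outputs for counters 0, 1, 2, ... are all distinct until 2^64 have been drawn, and because it is a PRP the outputs look random to anyone who does not hold the key. The permutation below is a 4-round balanced Feistel network whose round function is HMAC-SHA256 (a Luby-Rackoff construction); the class name, the round-key derivation labels and the 128-bit test key are assumptions chosen for the example, not anything the protocol specifies. A dedicated 64-bit block cipher would be the more usual choice in a real implementation; the Feistel form is used here because its invertibility, and hence the no-repeat property, is visible directly in the code.

```python
import hashlib
import hmac
import os


class CounterNonceGenerator:
    """64-bit nonces that never repeat before 2**64 draws under one key.

    A keyed Feistel network is a bijection on 64-bit values, so encrypting the
    counter 0, 1, 2, ... walks through a permutation of all 2**64 values.
    The same key and start counter always reproduce the same sequence, so the
    key must be fresh per session (seed it alongside the AES session key).
    """

    ROUNDS = 4  # four Feistel rounds with a PRF round function give a strong PRP

    def __init__(self, key: bytes, start: int = 0):
        if len(key) < 16:
            raise ValueError("key must be at least 128 bits")
        if not 0 <= start < (1 << 64):
            raise ValueError("start counter out of 64-bit range")
        # Derive one independent round key per round (labels are arbitrary but fixed).
        self._round_keys = [
            hmac.new(key, b"feistel-round-%d" % i, hashlib.sha256).digest()
            for i in range(self.ROUNDS)
        ]
        self._counter = start

    def _round(self, i: int, half: int) -> int:
        # Keyed round function: 32-bit half -> 32-bit output via HMAC-SHA256.
        digest = hmac.new(self._round_keys[i], half.to_bytes(4, "big"), hashlib.sha256).digest()
        return int.from_bytes(digest[:4], "big")

    def permute(self, x: int) -> int:
        """Forward Feistel: (L, R) -> (R, L xor F_i(R)) for each round."""
        left, right = x >> 32, x & 0xFFFFFFFF
        for i in range(self.ROUNDS):
            left, right = right, left ^ self._round(i, right)
        return (left << 32) | right

    def unpermute(self, y: int) -> int:
        """Inverse Feistel: undo the rounds in reverse order."""
        left, right = y >> 32, y & 0xFFFFFFFF
        for i in reversed(range(self.ROUNDS)):
            left, right = right ^ self._round(i, left), left
        return (left << 32) | right

    def next_nonce(self) -> bytes:
        """Return the next 8-byte IV; refuse to wrap around rather than repeat."""
        if self._counter >= (1 << 64):
            raise RuntimeError("64-bit nonce space exhausted; rekey the session")
        nonce = self.permute(self._counter)
        self._counter += 1
        return nonce.to_bytes(8, "big")


if __name__ == "__main__":
    # Demo with a fresh random key, as the session key itself would be generated.
    gen = CounterNonceGenerator(os.urandom(16))
    for _ in range(4):
        print(gen.next_nonce().hex())
```

One caveat a practitioner should keep in mind: a permutation is only indistinguishable from a random function up to the birthday bound, so after roughly 2^32 packets an observer who notices that no IV has ever collided can tell the values apart from true randomness. That is inherent in any "no repeats" sequence, not in this construction, and it sits far beyond the per-key packet counts a short-lived session key should see.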