
Can I send unencrypted nonce in AES-GCM?

I'm implementing AES-GCM in a simple chat. Since there is no problem in the nonce being public and I need to change it in every message, can I send the message nonce unencrypted with the message itself?

An example:

There is a function like this:

AESGCM(nonce, key, data_to_encrypt, unencrypted_data)

And I use this way:

message = AESGCM(nonce, key, data, nonce)

Then, the encrypted message will look like this:

unencrypted_nonce | encrypted_data | authentication_tag
Leonardo Nobrega Avatar asked Oct 29 '25 09:10



1 Answer

The AES-GCM documentation mentions the nonce 3 times:

A value that is used only once within a specified context.

The IV is essentially a nonce

AESGCM(nonce, key, data, unencrypted_data)

AES-GCM internally uses AES in CTR mode of operation; CTR mode turns a block cipher into a stream cipher. For AES-GCM security and the CTR mode, a nonce (number used once) must be used only once per key. A nonce-key pair should only occur once. If a nonce repeats, this can cause:

  1. Confidentiality fails due to crib-dragging, like all stream ciphers.
  2. Even a single AES-GCM nonce reuse can be catastrophic.

The nonce can be randomly generated; however, a counter/LFSR-based solution is better, and a better one is the combination.

  • If you send the nonce encrypted, how do you expect to decrypt the message? It must be sent unencrypted.
kelalaka Avatar answered Oct 31 '25 12:10

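The wire format the question proposes (unencrypted nonce | ciphertext | tag, with the nonce also passed as associated data) and the answer's two points (the nonce must be unique per key, and reuse leaks the XOR of plaintexts) can be shown end to end with Go's standard library. This is an added example, not code from the question, the answer, or any project; the counter-based nonce scheme (a random 32-bit session prefix plus a 64-bit message counter) and all function names are assumptions made here for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

const nonceSize = 12 // the standard 96-bit GCM nonce

// NonceCounter issues 96-bit nonces as randomPrefix(4 bytes) || counter(8 bytes).
// Hypothetical scheme: the random prefix separates sessions that share a key,
// the counter guarantees no repeat within a session.
type NonceCounter struct {
	prefix  [4]byte
	counter uint64
}

func NewNonceCounter() (*NonceCounter, error) {
	nc := &NonceCounter{}
	if _, err := rand.Read(nc.prefix[:]); err != nil {
		return nil, err
	}
	return nc, nil
}

// Next returns a fresh nonce and refuses to wrap, so a (key, nonce) pair
// can never occur twice under this counter; at that point rotate the key.
func (nc *NonceCounter) Next() ([]byte, error) {
	if nc.counter == ^uint64(0) {
		return nil, errors.New("nonce counter exhausted: rotate the key")
	}
	n := make([]byte, nonceSize)
	copy(n[:4], nc.prefix[:])
	binary.BigEndian.PutUint64(n[4:], nc.counter)
	nc.counter++
	return n, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal builds the message as nonce || ciphertext || tag. The nonce travels in
// the clear and is also bound as associated data, so tampering with it fails
// authentication rather than silently decrypting to garbage.
func Seal(key, nonce, plaintext []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, nonceSize+len(plaintext)+gcm.Overhead())
	out = append(out, nonce...)
	return gcm.Seal(out, nonce, plaintext, nonce), nil
}

// Open parses the wire format, checks the tag over ciphertext and nonce, and
// returns the plaintext; any modified byte yields an error and no plaintext.
func Open(key, msg []byte) ([]byte, error) {
	if len(msg) < nonceSize {
		return nil, errors.New("message too short to contain a nonce")
	}
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := msg[:nonceSize]
	return gcm.Open(nil, nonce, msg[nonceSize:], nonce)
}

// XorLeak shows why nonce reuse destroys confidentiality: with the same key and
// nonce, CTR mode reuses its keystream, so c1 XOR c2 equals p1 XOR p2 for the
// first n bytes. The caller never needs the key to compute this.
func XorLeak(c1, c2 []byte, n int) []byte {
	out := make([]byte, n)
	for i := 0; i < n; i++ {
		out[i] = c1[i] ^ c2[i]
	}
	return out
}

func main() {
	key := make([]byte, 32) // constructed demo key; a real key comes from a KDF or key exchange
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	nc, err := NewNonceCounter()
	if err != nil {
		panic(err)
	}
	nonce, _ := nc.Next()
	msg, err := Seal(key, nonce, []byte("hello"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("wire: nonce=%x ciphertext+tag=%x\n", msg[:nonceSize], msg[nonceSize:])
	pt, err := Open(key, msg)
	fmt.Println(string(pt), err)
}
```

The Open side reads the nonce straight off the wire, which is exactly the point of the answer: the receiver cannot decrypt without it, and sending it in the clear costs nothing because GCM's security never depended on the nonce being secret, only on it never repeating under the same key. The `XorLeak` helper exists to make the cost of a repeat concrete in a test rather than as a warning: two messages sealed under one (key, nonce) pair leak each other's plaintext difference to anyone watching the channel, which is why the counter refuses to wrap instead of starting over.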


