An initialization vector (IV) is a random or pseudo-random value used alongside an encryption key so that encrypting the same plaintext multiple times produces different ciphertexts. It prevents pattern analysis and is essential for secure encryption.
// Without IV: Same plaintext = Same ciphertext
Encrypt("secret", key) → ABC123 // Always!
// With IV: Same plaintext = Different ciphertext
Encrypt("secret", key, IV1) → XYZ789
Encrypt("secret", key, IV2) → DEF456
import os
import time

# BAD: Static IV
iv = bytes([0] * 16)  # Same every time!
# BAD: Predictable IV
iv = int(time.time()).to_bytes(16, "big")  # Attacker can predict
# BAD: Sequential without encryption
counter = 1
iv = counter.to_bytes(16, "big")  # For CBC, this is insecure
# GOOD: Random IV
iv = os.urandom(16)  # Cryptographically random
# IV is NOT secret - typically sent with ciphertext
message = iv + ciphertext
# Receiver extracts IV
iv = message[:16]
ciphertext = message[16:]
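
The effect of IV choice on CBC ciphertexts, as an added example that is not code from the original page. It assumes a toy Feistel permutation built from HMAC-SHA256 in place of a real block cipher such as AES, so that it runs with the standard library only; all function names are hypothetical.

```python
import hashlib, hmac, os

BLOCK = 16  # block and IV size in bytes, matching os.urandom(16) above

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, i, half):
    # Feistel round function: HMAC-SHA256 truncated to half a block
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, block):
    # Toy 4-round Feistel permutation standing in for AES (demonstration only)
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc_encrypt(key, plaintext, iv):
    pad = BLOCK - len(plaintext) % BLOCK  # PKCS#7 padding
    data = plaintext + bytes([pad]) * pad
    prev, out = iv, [iv]  # the IV is not secret: it travels as the first block
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, message):
    prev, plain = message[:BLOCK], b""  # receiver extracts the IV
    for i in range(BLOCK, len(message), BLOCK):
        blk = message[i:i + BLOCK]
        plain += _xor(block_decrypt(key, blk), prev)
        prev = blk
    return plain[:-plain[-1]]  # strip the PKCS#7 padding

def demo():
    key = os.urandom(32)
    static = [cbc_encrypt(key, b"secret", bytes(BLOCK)) for _ in range(2)]
    fresh = [cbc_encrypt(key, b"secret", os.urandom(BLOCK)) for _ in range(2)]
    # (static IV repeats?, random IV repeats?, round-trip plaintext)
    return static[0] == static[1], fresh[0] == fresh[1], cbc_decrypt(key, fresh[0])
```

With the all-zero IV the two messages are byte-for-byte identical, so an observer learns that the same plaintext was sent twice; with a fresh random IV per message they differ, and the receiver still decrypts using only the key and the transmitted IV.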