What is an Initialization Vector?
An initialization vector (IV) is a random or pseudorandom value used as an additional input to an encryption algorithm alongside the key, ensuring that identical plaintext encrypted with the same key produces different ciphertext across operations.
Also known as: IV, initialisation vector
An initialization vector serves the same fundamental purpose as a nonce — it introduces uniqueness into each encryption operation. The terms are often used interchangeably, though "IV" is more common in the context of block cipher modes (CBC, GCM, CTR) while "nonce" is used more broadly. In AES-GCM specifically, the IV is a 12-byte value that initializes the counter used in Galois/Counter Mode.
The IV does not need to be secret — it is typically stored or transmitted in plaintext alongside the ciphertext. Its security contribution comes from uniqueness, not secrecy. However, depending on the cipher mode, the IV may need to be unpredictable (as in CBC mode) or merely unique (as in GCM mode). Using a predictable IV with CBC mode enables specific attacks, while GCM only requires that the IV is never reused with the same key.
IV reuse with AES-GCM is catastrophic: it allows an attacker to recover the authentication key and forge valid ciphertexts, and it leaks information about the plaintext through XOR of the two ciphertext streams. This is why implementations must use a cryptographically secure random number generator for IV generation and must never manually construct or reuse IVs.
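The fresh-IV pattern and the reuse failure described above, as an added example that is not code from Vaulted or from the original page. The helper names (sealWithIv, seal, unseal, xorLeaks, demo) are hypothetical, and the plaintexts and the all-zero IV are constructed solely to show the reuse case.

```javascript
// Added example; helper names are hypothetical, sample plaintexts are constructed.
const IV_BYTES = 12; // AES-GCM IV length used on this page
async function webCrypto() {
  // Browsers and current Node expose globalThis.crypto; older Node needs the import.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}

// Encrypt under an explicit IV and return the stored record: IV || ciphertext || tag.
async function sealWithIv(key, iv, plaintext) {
  const c = await webCrypto();
  const ct = new Uint8Array(await c.subtle.encrypt({ name: 'AES-GCM', iv }, key, plaintext));
  const record = new Uint8Array(iv.length + ct.length);
  record.set(iv, 0);
  record.set(ct, iv.length);
  return record;
}

// Correct usage: a fresh CSPRNG IV for every message, kept in the clear with the record.
async function seal(key, plaintext) {
  const c = await webCrypto();
  return sealWithIv(key, c.getRandomValues(new Uint8Array(IV_BYTES)), plaintext);
}
async function unseal(key, record) {
  const c = await webCrypto();
  const iv = record.subarray(0, IV_BYTES);
  return new Uint8Array(await c.subtle.decrypt({ name: 'AES-GCM', iv }, key, record.subarray(IV_BYTES)));
}

// True when ciphertext XOR ciphertext equals plaintext XOR plaintext (keystream reuse).
function xorLeaks(recA, recB, ptA, ptB) {
  const n = Math.min(ptA.length, ptB.length);
  for (let i = 0; i < n; i++) {
    if ((recA[IV_BYTES + i] ^ recB[IV_BYTES + i]) !== (ptA[i] ^ ptB[i])) return false;
  }
  return true;
}

async function demo() {
  const c = await webCrypto();
  const key = await c.subtle.generateKey({ name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
  const p1 = new TextEncoder().encode('constructed secret one');
  const p2 = new TextEncoder().encode('constructed secret two');
  const fixed = new Uint8Array(IV_BYTES); // the mistake: one IV reused under one key
  return {
    roundTrip: new TextDecoder().decode(await unseal(key, await seal(key, p1))),
    freshLeaks: xorLeaks(await seal(key, p1), await seal(key, p2), p1, p2),
    reusedLeaks: xorLeaks(await sealWithIv(key, fixed, p1), await sealWithIv(key, fixed, p2), p1, p2),
  };
}
```

With fresh IVs the two ciphertexts share no keystream, so the XOR relation does not hold; with the repeated IV it holds byte for byte, which is the plaintext leak the paragraph above describes.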
How Vaulted uses Initialization Vectors
Vaulted generates a fresh 12-byte IV using the Web Crypto API's crypto.getRandomValues() for every secret. The IV is sent to the server alongside the ciphertext and stored in Redis as part of the encrypted record. When the recipient retrieves the secret, the IV is returned along with the ciphertext so the browser can reconstruct the AES-256-GCM decryption parameters. Since Vaulted also generates a unique key per secret, the key-IV pair is always unique.