What is an Initialization Vector

An initialization vector (IV) is a random or unpredictable value used as an input to a block cipher mode of operation. Its purpose is to ensure that encrypting the same plaintext with the same key produces different ciphertexts each time. Without an IV, an attacker observing encrypted messages could detect when the same plaintext is sent twice, leaking information about the content.

How it works

In CBC (Cipher Block Chaining) mode, the IV is XORed with the first plaintext block before encryption. Each subsequent block is XORed with the previous ciphertext block, creating a chain where every block depends on all preceding blocks. The IV breaks the determinism of the first block.

CBC requires the IV to be unpredictable -- not just unique, but random. If an attacker can predict the IV for the next message, they can craft chosen-plaintext attacks. This requirement is stricter than for a nonce, which only needs to be unique.

In CTR (Counter) mode, the IV (often called a nonce in this context) initializes a counter that is encrypted to produce a keystream. The keystream is XORed with the plaintext. Here, the IV must be unique but does not need to be unpredictable. However, reusing an IV with the same key reveals the XOR of two plaintexts, a catastrophic failure.

In AES-GCM, the IV is 96 bits and serves as the nonce for the underlying CTR-mode encryption and the GHASH authentication. It must never repeat under the same key.

The IV is not secret. It is transmitted in plaintext alongside the ciphertext, typically prepended to the encrypted message. The receiver extracts the IV and uses it with the shared key to decrypt. The security of the system depends entirely on the key, not the IV's secrecy -- the IV's role is to provide randomization.
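An added example, not from the original page: the CTR construction and the nonce-prepended message layout described above, with HMAC-SHA256 standing in for AES so it runs on the Python standard library alone (all function names are hypothetical). It shows that a reused nonce makes the keystream cancel, leaving the XOR of the two plaintexts, while fresh nonces do not.

```python
import hashlib
import hmac
import os
from typing import Optional

NONCE_LEN = 12  # 96-bit nonce; a 4-byte block counter is appended to it


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # CTR-style keystream: PRF(key, nonce || counter) for counter = 0, 1, ...
    # Assumption: HMAC-SHA256 stands in for the AES block encryption.
    out = bytearray()
    for counter in range((length + 31) // 32):
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    # Returns nonce || ciphertext. A fresh random nonce is drawn unless the
    # caller forces one, which is done below only to show the reuse failure.
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    return nonce + xor(plaintext, keystream(key, nonce, len(plaintext)))


def decrypt(key: bytes, message: bytes) -> bytes:
    # The receiver reads the public nonce off the front of the message.
    nonce, ct = message[:NONCE_LEN], message[NONCE_LEN:]
    return xor(ct, keystream(key, nonce, len(ct)))


def reuse_leak(msg_a: bytes, msg_b: bytes) -> Optional[bytes]:
    # Same nonce on both messages: the keystream cancels, so the XOR of the
    # ciphertexts equals the XOR of the plaintexts. Different nonces: None.
    if msg_a[:NONCE_LEN] != msg_b[:NONCE_LEN]:
        return None
    return xor(msg_a[NONCE_LEN:], msg_b[NONCE_LEN:])


if __name__ == "__main__":
    key = os.urandom(32)  # constructed sample key and plaintexts
    p1, p2 = b"transfer 100 to alice", b"transfer 999 to carol"
    a, b = encrypt(key, p1, bytes(NONCE_LEN)), encrypt(key, p2, bytes(NONCE_LEN))
    print("reused nonce leaks p1^p2:", reuse_leak(a, b) == xor(p1, p2))
    print("fresh nonces, same plaintext differ:", encrypt(key, p1) != encrypt(key, p1))
```

Comparing the nonce prefixes of stored messages, as `reuse_leak` does, also works as a simple audit check for nonce reuse under one key.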

Why it matters

IV misuse is a common source of real-world cryptographic failures. Reusing an IV in CBC mode leaks plaintext patterns. Reusing an IV in GCM mode destroys both confidentiality and authentication. Every encryption operation must use a fresh IV, and the generation method must match the requirements of the specific mode.

See How Symmetric Encryption Works for the full walkthrough of block cipher modes, IVs, and authenticated encryption.