Galois/Counter Mode


GCM (Galois/Counter Mode) is a mode of operation for symmetric-key cryptographic block ciphers. It is an authenticated encryption algorithm designed to provide both authentication and privacy. GCM is defined for block ciphers with a block size of 128 bits. GMAC is an authentication-only variant of GCM.

Encryption and authentication

The $GF(2^{128})$ field used is defined by the polynomial $x^{128}+x^7+x^2+x+1$.

The GHASH function is defined by $\mathrm{GHASH}(H,A,C) = X_{m+n+1}$, where the inputs $A$ and $C$, and the variables $X_i$ for $i=0,\dots,m+n+1$ are defined as [McGrew, David A. & Viega, John: "The Galois/Counter Mode of Operation (GCM)", page 5. 2005]

$$
X_i = \begin{cases}
0 & \text{for } i=0 \\
(X_{i-1} \oplus A_i) \cdot H & \text{for } i=1,\ldots,m-1 \\
(X_{m-1} \oplus (A^*_m \lVert 0^{128-v})) \cdot H & \text{for } i=m \\
(X_{i-1} \oplus C_{i-m}) \cdot H & \text{for } i=m+1,\ldots,m+n-1 \\
(X_{m+n-1} \oplus (C^*_n \lVert 0^{128-u})) \cdot H & \text{for } i=m+n \\
(X_{m+n} \oplus (\mathrm{len}(A) \lVert \mathrm{len}(C))) \cdot H & \text{for } i=m+n+1
\end{cases}
$$
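The GHASH recurrence above, as an added Python example (not code from the article or from the GCM authors). It assumes byte-aligned inputs, so the bit lengths v and u are multiples of 8, and it checks itself against Test Case 2 of the McGrew and Viega specification (all-zero AES-128 key, one all-zero plaintext block); the function and constant names are hypothetical.

```python
# Added example: GHASH over GF(2^128), following the X_i recurrence.
# Assumption: A and C are whole bytes (v and u are multiples of 8).

R = 0xE1 << 120  # x^128 + x^7 + x^2 + x + 1 reduced, in GCM's bit order


def gf_mul(x: int, y: int) -> int:
    """Multiply two field elements held as 128-bit integers.

    GCM numbers bits from the left: the integer's most significant bit is
    the coefficient of x^0, so the multiplicative identity is 1 << 127.
    """
    z, v = 0, y
    for i in range(127, -1, -1):        # walk x from its leftmost bit
        if (x >> i) & 1:
            z ^= v                      # add (XOR) the current multiple of y
        # multiply v by the field element "x": shift right, reduce on carry
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def ghash(h: bytes, a: bytes, c: bytes) -> bytes:
    """GHASH(H, A, C): A is authenticated-only data, C is ciphertext."""
    if len(h) != 16:
        raise ValueError("H must be one 128-bit block")
    h_int = int.from_bytes(h, "big")
    x = 0                               # X_0 = 0
    for data in (a, c):                 # A blocks first, then C blocks
        for off in range(0, len(data), 16):
            # the final partial block is zero-padded on the right
            block = data[off:off + 16].ljust(16, b"\x00")
            x = gf_mul(x ^ int.from_bytes(block, "big"), h_int)
    # last step: len(A) || len(C), each a 64-bit count of bits
    lens = (len(a) * 8).to_bytes(8, "big") + (len(c) * 8).to_bytes(8, "big")
    x = gf_mul(x ^ int.from_bytes(lens, "big"), h_int)
    return x.to_bytes(16, "big")


# Values from Test Case 2 of the McGrew and Viega GCM specification.
H_TC2 = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")   # H = E(K, 0^128)
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")   # ciphertext block
GHASH_TC2 = bytes.fromhex("f38cbb1ad69223dcc3457ae5b6b0f885")

if __name__ == "__main__":
    print(ghash(H_TC2, b"", C_TC2).hex())
```

The authentication tag is this GHASH output XORed with the block cipher's encryption of the initial counter block, which is why H must stay secret: it is derived from the key.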

GCM mode was designed by John Viega and David A. McGrew as an improvement to Carter-Wegman Counter (CWC) mode.

GCM mode is used in IEEE 802.1AE (MACsec) Ethernet security, ANSI (INCITS) Fibre Channel Security Protocols (FC-SP), IEEE P1619.1 tape storage, and IETF IPsec standards.

On November 26, 2007, NIST announced the release of NIST Special Publication 800-38D, "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC", making GCM and GMAC official standards.

Performance

GCM requires one block cipher operation and one 128-bit multiplication in the Galois field for each block (128 bits) of encrypted and authenticated data.

Patents

According to the [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-nist-ipr.pdf authors' statement], GCM is unencumbered by patents.

See also

* Block cipher modes of operation

External links

* [http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf NIST Special Publication SP800-38D defining GCM and GMAC]
* RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
* RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
* [http://www.ieee802.org/1/pages/802.1ae.html IEEE 802.1AE - Media Access Control (MAC) Security]
* [http://siswg.org/ IEEE Security in Storage Working Group] works on the P1619.1 standard; the latest draft can be obtained from the mailing list archives.
* [http://www.t11.org/index.htm INCITS T11 Technical Committee] works on the [http://www.t11.org/t11/stat.nsf/7db1e1431d9d045f852566dc004cc14d/43b527df16f4b28d85256b9a00653843?OpenDocument Fiber Channel - Security Protocols] project.

References

* [http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf NIST Special Publication 800-38D (November, 2007)] Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication
* McGrew, David A. & Viega, John: "The Galois/Counter Mode of Operation (GCM)", page 5. 2005


Wikimedia Foundation. 2010.
