Galois/Counter Mode

from Wikipedia, the free encyclopedia

Galois/Counter Mode (GCM) is a mode of operation for block ciphers used in symmetric-key encryption. Its essential feature is that it provides authenticated encryption with associated data (AEAD), so that messages are both encrypted and authenticated. The mode is also designed for high data throughput, with the option of parallelizing the data streams, and is therefore used for real-time encryption of network traffic and for storage systems such as hard disks. GCM was developed by David A. McGrew and John Viega and presented at INDOCRYPT in 2004.[1] It has been specified in NIST Special Publication 800-38D since 2007.[2]

General

Figure: Block structure of GCM for encryption

A mode of operation for a block cipher, for example the Advanced Encryption Standard (AES), makes it possible to encrypt messages longer than the block length of the cipher. Modes frequently used in practice include Cipher Block Chaining (CBC) and Counter Mode (CTR), on which GCM is also based.

Like CTR, GCM uses a counter value that is unique for each block; the block size of the underlying block cipher is fixed at 128 bits. If encryption of the data is not used, GCM reduces to authentication only and is then referred to as GMAC (Galois Message Authentication Code). In that role it can also serve as a replacement for error-detection methods.

While encryption of the data is essentially an adapted counter mode (CTR), the authentication function is implemented by multiplications in the Galois field GF(2^128), which can be computed in parallel.
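The two halves described above, CTR-mode encryption and the GHASH polynomial over GF(2^128), can be written out compactly. The following is an added example, not code from the Wikipedia article or from the GCM specification: it implements GHASH, the 96-bit-IV form of GCM encryption and decryption, and takes the block cipher as a callable. Because no AES implementation is assumed to be available, a constructed stand-in for AES-128 under the all-zero key is used: a lookup table holding only the three block encryptions that test cases 1 and 2 of McGrew and Viega's specification require. The names `gf128_mul`, `ghash`, `gcm_encrypt`, `gcm_decrypt` and `aes128_zero_key_stub` are this example's own.

```python
import hmac
from typing import Callable, Optional, Tuple

BLOCK = 16
# Reduction constant of GCM's field GF(2^128) (polynomial x^128 + x^7 + x^2 + x + 1)
# in GCM's bit order, where the leftmost bit of a block is the coefficient of x^0.
R = 0xE1 << 120


def gf128_mul(x: int, y: int) -> int:
    """Bit-serial multiplication in GF(2^128) (Algorithm 1 of the GCM specification)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:                # scan y from its leftmost bit
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1   # v := v * x, reduced modulo the polynomial
    return z


def _blocks(data: bytes):
    """Split into 16-byte blocks, zero-padding the final partial block."""
    for i in range(0, len(data), BLOCK):
        yield data[i:i + BLOCK].ljust(BLOCK, b"\0")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H(A, C): Horner evaluation over AAD blocks, ciphertext blocks and the length block."""
    hk = int.from_bytes(h, "big")
    x = 0
    for blk in list(_blocks(aad)) + list(_blocks(ciphertext)):
        x = gf128_mul(x ^ int.from_bytes(blk, "big"), hk)
    lengths = (len(aad) * 8).to_bytes(8, "big") + (len(ciphertext) * 8).to_bytes(8, "big")
    return gf128_mul(x ^ int.from_bytes(lengths, "big"), hk).to_bytes(BLOCK, "big")


def _inc32(block: bytes) -> bytes:
    """Increment the low 32 bits (the counter) mod 2^32; the 96-bit nonce part is untouched."""
    ctr = (int.from_bytes(block[12:], "big") + 1) & 0xFFFFFFFF
    return block[:12] + ctr.to_bytes(4, "big")


def _ctr(enc_block: Callable[[bytes], bytes], j0: bytes, data: bytes) -> bytes:
    """CTR keystream starting at inc32(J0); J0 itself is reserved for masking the tag."""
    ctr, out = j0, bytearray()
    for i in range(0, len(data), BLOCK):
        ctr = _inc32(ctr)
        out += _xor(data[i:i + BLOCK], enc_block(ctr))
    return bytes(out)


def gcm_encrypt(enc_block, iv: bytes, plaintext: bytes, aad: bytes = b"") -> Tuple[bytes, bytes]:
    """Return (ciphertext, 128-bit tag). Only the recommended 96-bit IV is handled."""
    if len(iv) != 12:
        raise ValueError("this example supports 96-bit IVs only")
    h = enc_block(bytes(BLOCK))             # hash subkey H = E_K(0^128)
    j0 = iv + b"\x00\x00\x00\x01"           # pre-counter block for 96-bit IVs
    ciphertext = _ctr(enc_block, j0, plaintext)
    tag = _xor(ghash(h, aad, ciphertext), enc_block(j0))
    return ciphertext, tag


def gcm_decrypt(enc_block, iv: bytes, ciphertext: bytes, tag: bytes, aad: bytes = b"") -> Optional[bytes]:
    """Verify the tag in constant time before releasing any plaintext; None on failure."""
    h = enc_block(bytes(BLOCK))
    j0 = iv + b"\x00\x00\x00\x01"
    expected = _xor(ghash(h, aad, ciphertext), enc_block(j0))
    if not hmac.compare_digest(expected, tag):
        return None
    return _ctr(enc_block, j0, ciphertext)


# Constructed stand-in for AES-128 under the all-zero key: a lookup table holding only
# the three block encryptions needed by test cases 1 and 2 of the GCM specification
# (96-bit IV of zeros, no AAD, plaintext empty or one all-zero block).
_AES128_ZERO_KEY = {
    bytes(16):           bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e"),  # E_K(0^128) = H
    bytes(15) + b"\x01": bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a"),  # E_K(J0)
    bytes(15) + b"\x02": bytes.fromhex("0388dace60b6a392f328c2b971b2fe78"),  # E_K(inc32(J0))
}


def aes128_zero_key_stub(block: bytes) -> bytes:
    return _AES128_ZERO_KEY[block]


if __name__ == "__main__":
    iv = bytes(12)
    ct, tag = gcm_encrypt(aes128_zero_key_stub, iv, bytes(16))
    print("C =", ct.hex(), "T =", tag.hex())
    print("decrypt ok:", gcm_decrypt(aes128_zero_key_stub, iv, ct, tag) == bytes(16))
    print("tampered  :", gcm_decrypt(aes128_zero_key_stub, iv, ct, bytes(16)))
```

Two design points are worth noting. The decryption routine checks the tag with a constant-time comparison and returns nothing until it passes, so no unauthenticated plaintext is ever handed to a caller. And because the keystream depends only on the key and the counter blocks derived from the IV, SP 800-38D requires the IV to be unique for every message encrypted under a given key; a real deployment needs a counter or other uniqueness guarantee for the nonce, which this stub-driven example does not provide.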

Applications

GCM is used, among other things, in the IEEE 802.11ad network standard, as an option in IPsec,[3][4] and, combined with the Advanced Encryption Standard (AES) as AES-GCM, in Secure Shell (SSH),[5] in TLS 1.2[6][7] and in the LTO tape standard from generation 4 onwards.

Literature

  • David A. McGrew, John Viega: The Galois/Counter Mode of Operation (GCM). 2012 (online [PDF]).

References

  1. ^ David A. McGrew, John Viega: The Security and Performance of the Galois/Counter Mode (GCM) of Operation. In: Proceedings of INDOCRYPT 2004. Springer-Verlag, 2004, ISBN 978-3-540-24130-0, pp. 343–355, doi:10.1007/978-3-540-30556-9_27 (online [PDF]).
  2. ^ Morris Dworkin: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC. National Institute of Standards and Technology (NIST), 2007 (online [PDF], NIST Special Publication 800-38D).
  3. RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
  4. RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
  5. RFC 5647: AES Galois Counter Mode for the Secure Shell Transport Layer Protocol
  6. RFC 5288: AES Galois Counter Mode (GCM) Cipher Suites for TLS
  7. RFC 6367: Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)