Galois/Counter Mode
GCM mode (Galois/Counter Mode) is a mode of operation for symmetric key cryptographic block ciphers. It is an authenticated encryption algorithm designed to provide both authentication and privacy. GCM mode is defined for block ciphers with a block size of 128 bits. GMAC is an authentication-only variant of GCM.

Encryption and authentication
. The GF() field used is defined by the polynomial .
The GHASH function is defined by , where the inputs and , and the variables for are defined as [McGrew, David A. & Viega, John; : "The Galois/Counter Mode of Operation (GCM)", page 5. 2005]
GCM mode was designed by John Viega and David A. McGrew as an improvement to Carter-Wegman Counter (CWC) mode.

GCM mode is used in the IEEE 802.1AE (MACsec) Ethernet security, ANSI (INCITS) Fibre Channel Security Protocols (FC-SP), IEEE P1619.1 tape storage, and IETF IPsec standards.

On November 26, 2007 NIST announced the release of NIST Special Publication 800-38D "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC" making GCM and GMAC official standards.

Performance
GCM requires one block cipher operation and one 128-bit multiplication in the Galois field for each block (128 bits) of encrypted and authenticated data.

Patents
According to the [http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-nist-ipr.pdf authors' statement], GCM is unencumbered by patents.

See also
* Block cipher modes of operation

External links
* [http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf NIST Special Publication SP800-38D defining GCM and GMAC]
* RFC 4106: The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
* RFC 4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
* [http://www.ieee802.org/1/pages/802.1ae.html IEEE 802.1AE - Media Access Control (MAC) Security]
* [http://siswg.org/ IEEE Security in Storage Working Group] works on the P1619.1 standard; the latest draft can be obtained from the mailing list archives.
* [http://www.t11.org/index.htm INCITS T11 Technical Committee] works on the [http://www.t11.org/t11/stat.nsf/7db1e1431d9d045f852566dc004cc14d/43b527df16f4b28d85256b9a00653843?OpenDocument Fiber Channel - Security Protocols] project.

Notes

References
* [http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf NIST Special Publication 800-38D (November, 2007)] Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) for Confidentiality and Authentication
* McGrew, David A. & Viega, John; : "The Galois/Counter Mode of Operation (GCM)", page 5. 2005
Wikimedia Foundation. 2010.