ciphers:gcm

Differences

This shows you the differences between two versions of the page.

ciphers:gcm [2020/05/26 00:24] – created peter
ciphers:gcm [2020/07/15 09:30] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ====== Ciphers - GCM ====== ====== Ciphers - GCM ======
  
-GCM ([[http://en.wikipedia.org/wiki/Galois/Counter_Mode|Galois Counter Mode]]):+**GCM** ([[http://en.wikipedia.org/wiki/Galois/Counter_Mode|Galois Counter Mode]]) is a is a [[https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation|mode of operation]] for symmetric-key cryptographic [[https://en.wikipedia.org/wiki/Block_cipher|block cipher]] widely adopted for its performance. 
 + 
 +The operation is an [[https://en.wikipedia.org/wiki/Authenticated_encryption|authenticated encryption]] algorithm designed to provide both data authenticity (integrity) and confidentiality.  
 + 
 +GCM is defined for block ciphers with a block size of 128 bits. 
 + 
 +----
  
 ===== Pros ===== ===== Pros =====
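Review bot: The added opening sentence contains a duplicated "is a is a" and then reads "for symmetric-key cryptographic block cipher", which needs a plural; suggest "is a mode of operation for symmetric-key block ciphers, widely adopted for its performance". In the second added paragraph, "The operation is an authenticated encryption algorithm" has an unclear subject, and "GCM is an authenticated encryption algorithm" would read better. The retained Galois Counter Mode link still uses http:// while the three Wikipedia links added in this hunk use https://.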
Line 9: Line 15:
   * Extremely fast.   * Extremely fast.
   * Patent-free.   * Patent-free.
-  * Spported as a [[http://tools.ietf.org/html/rfc5288|TLS ciphersuite]]. +  * Can take full advantage of parallel processing. 
-  * Supported by OpenSSL.+  * Implementing GCM can make efficient use of an instruction pipeline or a hardware pipeline. 
 +  * Supported as a [[http://tools.ietf.org/html/rfc5288|TLS ciphersuite]]. 
 +  * Supported by [[https://en.wikipedia.org/wiki/OpenSSL|OpenSSL]].
   * Supported by Crypto++.   * Supported by Crypto++.
  
  
 +----
  
 ===== Cons ===== ===== Cons =====
  
-  * GCM is CTR mode encryption with the addition of a Carter-Wegman MAC set in a Galois field.+  * GCM is CTR mode encryption with the addition of a Carter-Wegman MAC set in a [[https://en.wikipedia.org/wiki/Galois_field|Galois field]].
   * Implementing GCM is a hassle in a way that most other AEADs (Authenticated Encryption with Associated Data) are not.  But if you have someone else’s implementation — say OpenSSL’s — it’s a perfectly lovely mode.   * Implementing GCM is a hassle in a way that most other AEADs (Authenticated Encryption with Associated Data) are not.  But if you have someone else’s implementation — say OpenSSL’s — it’s a perfectly lovely mode.
  
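Review bot: The first Cons bullet ("GCM is CTR mode encryption with the addition of a Carter-Wegman MAC set in a Galois field") describes the construction rather than a drawback, and this revision only adds a link to it; consider moving it to the introduction. In Pros, the two new bullets on parallel processing and on instruction or hardware pipelines overlap and could be merged into one. Crypto++ stays unlinked while OpenSSL gains a link in the same list, and the RFC 5288 link remains http://.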
Line 24: Line 33:
  
   - The first weakness is that an n-bit tag provides only n − k bits of authentication security when messages are 2 k blocks long.   - The first weakness is that an n-bit tag provides only n − k bits of authentication security when messages are 2 k blocks long.
-    * Competing modes do not have this problem, or have it only when n = 128, in which case the practical effect is minimal.+    * Competing modes do not have this problem, or have it only when n = 128, in which case the practical effect is minimal.\\ \\ 
   - A successful forgery immediately reveals information about the authen­tication key.   - A successful forgery immediately reveals information about the authen­tication key.
     * This weakness exacerbates the consequences of the first one, and leads to a complete loss of authentication security.     * This weakness exacerbates the consequences of the first one, and leads to a complete loss of authentication security.
  
  
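Review bot: The only change here is the trailing "\\ \\" on the "Competing modes" sub-bullet, which uses forced line breaks to space out the numbered list; the text problems in the lines around it are left as they were. The item above still reads "2 k blocks long", where the exponent appears to have been lost (presumably 2^k, to match "n − k bits"), and "authen­tication key" carries a soft hyphen inside the word. Suggest fixing those two in the same edit and dropping the forced breaks if the list renders acceptably without them.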
ciphers/gcm.1590452682.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
