International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

The Security and Performance of the Galois/Counter Mode of Operation (Full Version)

Authors:
David A. McGrew
John Viega
Download:
URL: http://eprint.iacr.org/2004/193
Search ePrint
Search Google
Abstract: The recently introduced Galois/Counter Mode (GCM) of operation for block ciphers provides both encryption and message authentication, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most efficient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet traffic in conjunction with software experiments and hardware designs. GCM has several useful features: it can accept IVs of arbitrary length, can act as a stand-alone message authentication code (MAC), and can be used as an incremental MAC. We show that GCM is secure in the standard model of concrete security, even when these features are used. We also consider several of its important system-security aspects.
BibTeX
@misc{eprint-2004-12165,
  title={The Security and Performance of the Galois/Counter Mode of Operation (Full Version)},
  booktitle={IACR Eprint archive},
  keywords={secret-key cryptography /},
  url={http://eprint.iacr.org/2004/193},
  note={ mcgrew@cisco.com 12698 received 10 Aug 2004, last revised 7 Oct 2004},
  author={David A. McGrew and John Viega},
  year=2004
}