AES-GCM-SIV is a mode of operation for the Advanced Encryption Standard which provides similar performance to Galois/Counter Mode as well as misuse resistance in the event of the reuse of a cryptographic nonce. The construction is defined in RFC 8452.


About

AES-GCM-SIV is designed to preserve both privacy and integrity even if nonces are repeated. To accomplish this, encryption is a function of a nonce, the plaintext message, and optional additional associated data (AAD). In the event a nonce is misused (i.e., used more than once), nothing is revealed except when the same message is encrypted multiple times with the same nonce. When that happens, an attacker is able to observe repeat encryptions, since encryption is a deterministic function of the nonce and message. However, beyond that, no additional information is revealed to the attacker. For this reason, AES-GCM-SIV is an ideal choice in cases where unique nonces cannot be guaranteed, such as multiple servers or network devices encrypting messages under the same key without coordination.


Operation

Like Galois/Counter Mode, AES-GCM-SIV combines the well-known counter mode of encryption with the Galois mode of authentication. The key feature is the use of a synthetic initialization vector which is computed with Galois field multiplication using a construction called POLYVAL (a little-endian variant of Galois/Counter Mode's GHASH). POLYVAL is run over the combination of nonce, plaintext, and additional data, so that the IV is different for each combination.

POLYVAL is defined over GF(2^128) by the polynomial:

x^128 + x^127 + x^126 + x^121 + 1

Note that GHASH is defined over the "reverse" polynomial:

x^128 + x^7 + x^2 + x + 1

This change provides efficiency benefits on little-endian architectures.
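The two polynomials above are reverses of each other because POLYVAL and GHASH read the bits of a block in mirrored order. The following is an added example, not code from this page or from RFC 8452: a pure-Python POLYVAL beside a GHASH built on the same multiplier, together with the conversion between them that RFC 8452 states (POLYVAL(H, X..) equals ByteReverse(GHASH(mulX_GHASH(ByteReverse(H)), ByteReverse(X)..))). Function names such as polyval_via_ghash are my own, and any keys or blocks fed to them are constructed sample values.

```python
POLYVAL_R = (1 << 127) | (1 << 126) | (1 << 121) | 1  # x^128 + x^127 + x^126 + x^121 + 1, minus x^128
GHASH_R = (1 << 7) | (1 << 2) | (1 << 1) | 1          # x^128 + x^7 + x^2 + x + 1, minus x^128
X_INV_P = (1 << 127) | (1 << 126) | (1 << 125) | (1 << 120)  # x^-1 in POLYVAL's field

def gf_mul(a: int, b: int, low: int) -> int:
    """Shift-and-add product in GF(2^128) mod x^128 + low; bit i of an int is the x^i coefficient."""
    r = 0
    for i in range(128):
        if (b >> i) & 1:
            r ^= a
        a <<= 1
        if a >> 128:                  # an x^128 term appeared: replace it by `low`
            a ^= (1 << 128) | low
    return r

def polyval_dot(a: int, b: int) -> int:
    """RFC 8452 dot(a, b) = a * b * x^-128 in POLYVAL's field."""
    c = gf_mul(a, b, POLYVAL_R)
    for _ in range(128):              # divide by x, 128 times
        c = (c >> 1) ^ (X_INV_P if c & 1 else 0)
    return c

def polyval(h: bytes, blocks: list[bytes]) -> bytes:
    """POLYVAL(H, X_1..X_n): S_j = dot(S_{j-1} xor X_j, H); blocks are read little-endian."""
    hi, s = int.from_bytes(h, "little"), 0
    for blk in blocks:
        s = polyval_dot(s ^ int.from_bytes(blk, "little"), hi)
    return s.to_bytes(16, "little")

def _bitrev128(n: int) -> int:
    return int(f"{n:0128b}"[::-1], 2)
def _ghash_elem(b: bytes) -> int:     # GCM's order: byte 0 first, MSB of each byte first
    return _bitrev128(int.from_bytes(b, "big"))

def ghash(h: bytes, blocks: list[bytes]) -> bytes:
    """GHASH(H, X_1..X_n): Y_j = (Y_{j-1} xor X_j) * H in GCM's bit order."""
    hi, y = _ghash_elem(h), 0
    for blk in blocks:
        y = gf_mul(y ^ _ghash_elem(blk), hi, GHASH_R)
    return _bitrev128(y).to_bytes(16, "big")

def mulx_polyval(b: bytes) -> bytes:  # RFC 8452 mulX_POLYVAL: block times x, POLYVAL order
    return gf_mul(int.from_bytes(b, "little"), 2, POLYVAL_R).to_bytes(16, "little")
def mulx_ghash(b: bytes) -> bytes:    # RFC 8452 mulX_GHASH: block times x, GHASH order
    return _bitrev128(gf_mul(_ghash_elem(b), 2, GHASH_R)).to_bytes(16, "big")

def polyval_via_ghash(h: bytes, blocks: list[bytes]) -> bytes:
    """RFC 8452's bridge: POLYVAL(H, X..) == ByteReverse(GHASH(mulX_GHASH(ByteReverse(H)), ByteReverse(X)..))."""
    return ghash(mulx_ghash(h[::-1]), [x[::-1] for x in blocks])[::-1]
```

Feeding the same 16-byte block to mulx_polyval and mulx_ghash shows the mirrored bit order directly: the former carries bits upward through the bytes, the latter downward, and each reduces with its own polynomial.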


See also

* Authenticated encryption
* Stream cipher



External links

* AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption
* BIU: Webpage for the AES-GCM-SIV Mode of Operation

Implementations

Implementations of AES-GCM-SIV are available, among others, in the following languages:

* C
* C#
* Go
* Java
* PHP
* Python
* Rust