The Galois/Counter Mode of Operation (GCM)

David A. McGrew, Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95032, mcgrew@cisco.com
John Viega, Secure Software, 4100 Lafayette Center Drive, Suite 100, Chantilly, VA 20151, viega@securesoftware.com

Contents

1 Introduction 1
2 Definition 2
2.1 Inputs and Outputs 2
2.2 Notation 3
2.3 Encryption 4
2.4 Decryption 7
2.5 Multiplication in GF(2^128) 7
3 The Field GF(2^128) 8
4 Implementation 10
4.1 Software [...]
[...] Properties and Rationale 16
7 Security 22
A GCM for 64-bit block ciphers 25
B AES Test Vectors 27

1 Introduction

Galois/Counter Mode (GCM) is a block cipher mode of operation that uses universal hashing over a binary Galois field to provide authenticated encryption. It can be implemented in hardware to achieve high speeds with low cost and low latency. Software implementations can achieve excellent performance by using table-driven field operations. It uses mechanisms that are supported by a well-understood theoretical foundation, and its security follows from a single reasonable assumption about the security [...]bits per second and above in hardware, perform well in software, and is free of intellectual property restrictions. The mode must admit pipelined and parallelized implementations and have minimal computational latency in order to be useful at high data rates. Counter mode has emerged as the best method for high-speed encryption, because it meets those requirements. However, there is no suitable standard message authentication algorithm. This fact leaves us in the situation in which we can encrypt at high speed, but we cannot provide message authentication that can keep up with our cipher. This [...] mode meets the same criteria. CBC-MAC [1, Appendix F] and the modes that use it to provide authentication, such as CCM [2], EAX [3], and OMAC [4], cannot be pipelined or parallelized, and thus are unsuitable for high data rates. OCB [5] is covered by multiple intellectual property claims. CWC [6] does not share those problems, but is less appropriate for high speed implementations. In particular, CWC's message authentication component uses 127-bit integer multiplication operations whose implementation costs exceed those of even AES counter mode at high speeds, and it has a circuit depth that [...]st of counter mode at high speeds.

GCM also has additional useful properties. It is capable of acting as a stand-alone MAC, authenticating messages when there is no data to encrypt, with no modifications. Importantly, it can be used as an incremental MAC [7]: if an authentication tag is computed for a message, then part of the message is changed, an authentication tag can be computed for the new message with computational cost proportional to the number of bits that were changed. This feature is unique among all of the proposed modes.

Another useful property is that it accepts initialization vectors [...] authenticated encryption is needed, there is a data element that could be used as a nonce, or as a part of a nonce, except that the length of the element(s) may exceed the block size of the cipher. In GCM, a nonce of any size can be used as the IV. This property is shared with EAX, but no other proposed mode.

This document is organized as follows. Section 2 contains a complete specification of GCM, and is the only normative part of this document. Section 3 contains an overview of finite fields and a detailed description of the field representation used in GCM. Implementation strategies are described [...], along with a detailed performance comparison with other modes. The security analysis is summarized in Section 7. Appendix A describes the use of GCM for 64-bit block ciphers. Test data that can be used for validating AES GCM implementations is contained in Appendix B.

2 Definition

This section contains the complete definition of GCM for 128-bit block ciphers. The mode is slightly different when applied to 64-bit block ciphers; those differences are outlined in Appendix A.
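As an added illustration of the universal hash over GF(2^128) and the incremental-MAC property described in the introduction (example code written for this page, not code from the specification or its authors), the following Python implements field multiplication in GCM's bit order and GHASH, then shows that retagging after a one-block change needs only one multiplication by a power of H. It assumes the reduction constant R = 0xE1 || 0^120 and the leftmost-bit-is-bit-0 convention from later sections of the spec that are not on this page; the hash key H and the messages are constructed sample values, not derived from AES.

```python
# Added example, not code from the GCM specification or its authors. It assumes
# GCM's field representation from later sections of the spec (reduction
# constant R = 0xE1 || 0^120, leftmost bit is bit 0), which this page does not
# show; H and the messages are constructed sample values, not AES-derived.

R = 0xE1 << 120  # x^128 = x^7 + x^2 + x + 1, written in GCM's bit order

def gf_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (shift-and-add, GCM Algorithm 1)."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:                  # bit i of Y, bit 0 leftmost
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1     # V <- V * x, reduced mod p
    return z

def to_blocks(aad: bytes, ct: bytes) -> list[int]:
    """Zero-pad AAD and ciphertext into 16-byte blocks, then append len(A)||len(C)."""
    blocks = []
    for data in (aad, ct):
        for i in range(0, len(data), 16):
            blocks.append(int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big"))
    blocks.append((len(aad) * 8) << 64 | (len(ct) * 8))
    return blocks

def ghash(h: int, blocks: list[int]) -> int:
    """X_i = (X_{i-1} xor B_i) * H; as a polynomial, sum_i B_i * H^(n-i+1)."""
    x = 0
    for b in blocks:
        x = gf_mul(x ^ b, h)
    return x

def ghash_update(h: int, old: int, n: int, j: int, old_b: int, new_b: int) -> int:
    """Incremental MAC: block j (0-based) of n changed, so only the term
    (old_b xor new_b) * H^(n-j) differs; one gf_mul once H^(n-j) is cached."""
    hpow = h
    for _ in range(n - j - 1):                    # recomputed here for clarity
        hpow = gf_mul(hpow, h)
    return old ^ gf_mul(old_b ^ new_b, hpow)

def incremental_matches(h: int, msg: bytes, j: int, new_block: bytes) -> bool:
    """Hash the patched message from scratch and via ghash_update; compare."""
    blocks = to_blocks(msg, b"")                   # MAC-only use: no ciphertext
    old = ghash(h, blocks)
    patched = list(blocks)
    patched[j] = int.from_bytes(new_block.ljust(16, b"\0"), "big")
    fast = ghash_update(h, old, len(blocks), j, blocks[j], patched[j])
    return ghash(h, patched) == fast
```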