I am wondering does AES-GCM which uses Authenticated Encryption provide us with all 3 properties (Authenticity, Confidentiality, and Integrity), or does it not provide integrity?
Asked
Active
Viewed 880 times
2
-
3Usually if message authenticity is provided it implies integrity. If it wasn't, an attacker would be able to construe a different authenticated message under the same key. So although they are different properties, they are closely related. – Maarten Bodewes Oct 26 '22 at 10:39
-
A piece of recommended reading from our picked list – DannyNiu Oct 26 '22 at 11:31
1 Answers
3
AES-GCM (Galois Counter Mode) internally uses AES in CTR mode that can provide confidentiality and at most Ind-CPA security. AES-GCM also uses GHASH to provide integrity and authentication like any secure MAC.
In the end, AES-GCM constitutes an authenticated encryption (AE) mode with Associated Data ( AEAD).
One should be careful when using AES-GCM since there are many pitfalls and if you want to use it use AES-GCM-SIV which is safe from IV-reuse problems.
Keep in mind that the authentication is here mutual authentication ( both parties has the same right on the authentication, and should not be confused with the digital signature that can provide non-repudiation.
| Hash | MACs | Digital signatures | |
|---|---|---|---|
| Integrity | Yes | Yes | yes |
| Authentication | No | Yes | Yes |
| Non-Repuditiation | No | No | Yes |
kelalaka
- 48,443
- 11
- 116
- 196