Questions tagged [aes-gcm]

Deprecated tag, see tag info.

Advanced Encryption Standard Galois/Counter Mode, better known as AES-GCM is a mode of operation for symmetric key cryptographic block ciphers that has been widely adopted because of its efficiency and performance. GCM supports authenticated encryption, meaning that the mode not only offers privacy, but also integrity.

Please do not use this tag, use in combination with .

211 questions
11 votes · 2 answers

Can AES-GCM be broken if initialisation vector is known?

We are using AES encryption in GCM block mode in order to encrypt a number of different kinds of data at rest on a mobile device - Android. The key used for encryption is stored in the protected key-store offered by Android, so I am assuming that it is…
Suhas · 253 · 3 · 10
3 votes · 1 answer

Using keys as Additional Authentication Data in GCM

In my opinion, it's not a good idea to use (symmetric/asymmetric) keys as Additional Authentication Data (AAD) in GCM as AAD is only authenticated but not encrypted. The key will be protected from modification but will not be confidential anymore.…
HY Lin · 31 · 2
3 votes · 1 answer

What if an AES GCM nonce overflows and collides with the GHASH nonce (0^128)?

When using AES in GCM mode, the GHASH function uses E(0^128) as the initial value for H, the authentication key. The IV, for the underlying CTR mode, is initialized with: [prefix (application nonce)] [initial_counter (4 byte counter)] This initial…
Beurtschipper · 279 · 3 · 7
1 vote · 0 answers

Store symmetrical (AES) key in Indexeddb?

Using the Web Crypto API, and it won't let me store an AES key in the IndexedDB (it requires a public/private key). Does anyone have suggestions on how to do this? Should I/could I create a public/private key, store it in the IndexedDB and use it to…
kaboom · 11 · 2
1 vote · 2 answers

AES GCM mode and the message is the same as the password

In the case of using a password and getting an AES key using a KDF to encrypt that same password (the password and the message are the same), how secure is that algorithm?
1 vote · 1 answer

Can sending the same plaintext twice, each encrypted with different key and IV, weaken the encryption?

I'm basing code on: https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption#Authenticated_Encryption_using_GCM_mode If I send the same plaintext twice, encrypting each with a different key and IV, am I compromising the…
fadedbee · 916 · 1 · 10 · 29
1 vote · 2 answers

Does the AES-GCM specification require the tag-size to be bound to the GCM context?

Does the GCM spec (NIST SP 800-38D) require the tag size to be fixed for an instance of the GCM algorithm (which usually fixes a specific GCM key)? Asked differently, is the following a legitimate adherence to the GCM spec? There is a discussion going on on GitHub…
1 vote · 0 answers

How fast is GHASH and what does it do?

I read here: https://www.researchgate.net/publication/220335697_GCM_GHASH_and_Weak_Keys how GHASH works. So we have $m$ 128-bit blocks $X_{i}$ and we compute in $GF(2^{128})$: $Y_{m} = \sum_{i=1}^{m} X_{i} \times H^{m-i+1}$ $H$ is a key. Am I see…
Tom · 1,221 · 6 · 16
0 votes · 1 answer

Best practices: AES-GCM parameter (initialization-vector, ...) transport

Apparently there is no mandatory method to transport AES-GCM parameters. I only read that the initialization vector often will be prefixed to the ciphertext. So, regarding the other parameters too, I could send a string like this my_string =…
User01638 · 47 · 4
0 votes · 0 answers

Seeking Guidance on Building Isomorphic Matrices for AES GCM in Composite Fields

I'm a beginner in cryptography, currently focusing on AES GCM, specifically the GF(2^128) multiplier, which employs the irreducible polynomial x^128 + x^7 + x^2 + x + 1. I am trying to explore the transformation of GF(2^128) into composite fields, like…
KAI · 1
0 votes · 1 answer

AES-GCM across multiple packets

I am just getting started with cryptography. After doing some research, I see that people usually advise against encryption using the same key and nonce. However, if a message is too long and has to be broken up into multiple packets, how exactly…
0 votes · 1 answer

AES GCM mode - what is the output in that scheme?

I'm trying to understand this scheme: https://xilinx.github.io/Vitis_Libraries/security/2019.2/guide_L1/internals/gcm.html Here on page 11 it looks like GHASH gives only one value "Return…
Tom · 1,221 · 6 · 16