12.4: Galois Counter Mode for AEAD
The most common block cipher mode for AEAD is called Galois Counter Mode (GCM). GCM is essentially an instance of encrypt-then-MAC, combining CTR mode for encryption and the polynomial-based Carter-Wegman MAC for authentication. GCM is relatively inexpensive since it requires only one call to the block cipher per plaintext block, plus one multiplication for each block of ciphertext and associated data.
Rather than using polynomials over \(\mathbb{Z}_{p}\), GCM mode uses polynomials defined over a finite field with \(2^{\lambda}\) elements. Such fields are often called "Galois fields", which leads to the name Galois counter mode.
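The following added example (not part of the original text) implements the polynomial MAC used inside GCM, usually called GHASH, for \(\lambda = 128\) as in AES-GCM, and shows that evaluating it by Horner's rule costs one field multiplication per block. The function names are chosen here for illustration; the constants are from test case 2 of the published GCM specification, and the block-cipher mask is given as a constant because the Python standard library has no AES.

```python
R = 0xE1 << 120   # reduction constant for x^128 + x^7 + x^2 + x + 1 in GCM's bit order
ONE = 1 << 127    # the field element 1 (GCM keeps the x^0 coefficient in the leftmost bit)

def gf_mul(x, y):
    """Multiply two elements of GF(2^128) by shift-and-add with reduction."""
    z, v = 0, y
    for i in range(127, -1, -1):            # scan x starting at its leftmost bit
        if (x >> i) & 1:
            z ^= v                          # addition in the field is XOR
        v = (v >> 1) ^ (R if v & 1 else 0)  # multiply v by x and reduce
    return z

def blocks(aad, ct):
    """Zero-pad AAD and ciphertext to 16-byte blocks, then append both bit lengths."""
    pad = lambda b: b + b"\x00" * (-len(b) % 16)
    data = pad(aad) + pad(ct)
    data += (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    return [int.from_bytes(data[i:i + 16], "big") for i in range(0, len(data), 16)]

def ghash(h, aad, ct):
    """Horner evaluation at the point h: one multiplication per block."""
    y = 0
    for x in blocks(aad, ct):
        y = gf_mul(y ^ x, h)
    return y

def ghash_poly(h, aad, ct):
    """The same value written out as the polynomial X_1 h^m + ... + X_m h."""
    total, power = 0, h
    for x in reversed(blocks(aad, ct)):
        total ^= gf_mul(x, power)
        power = gf_mul(power, h)
    return total

def gcm_tag(h, mask, aad, ct):
    """Carter-Wegman structure: polynomial hash XORed with a block-cipher output."""
    return ghash(h, aad, ct) ^ mask

# Values from GCM specification test case 2 (all-zero key, IV and plaintext block).
H = 0x66e94bd4ef8a2c3b884cfa59ca342b2e             # hash key: cipher applied to the zero block
C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")  # the single ciphertext block
MASK = 0x58e2fccefa7e3061367f1d57a4e7455a          # cipher applied to the initial counter block

if __name__ == "__main__":
    print(format(gcm_tag(H, MASK, b"", C), "032x"))
```
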
- to-do: More information about GCM will go here. Again, would be nice to have a crash course in finite fields.