**SGCM: The Sophie Germain Counter Mode**

*Markku-Juhani O. Saarinen*

**Abstract: **Sophie Germain Counter Mode (SGCM) is an authenticated encryption mode of operation, to be used with 128-bit block ciphers such as AES. SGCM is a variant of the NIST standardized Galois / Counter Mode (GCM) which has been found to be susceptible to weak key / short cycle forgery attacks. The GCM attacks are made possible by its extremely smooth-order multiplicative group which splits into 512 subgroups. Instead of GCM's $GF(2^{128})$, we use $GF(p)$ with $p=2^{128}+12451$, where $\frac{p-1}{2}$ is also a prime. SGCM is intended for those who want a concrete, largely technically compatible alternative to GCM. In this memo we give a technical specification of SGCM, together with some elements of its implementation, security and performance analysis. Test vectors are also included.

**Category / Keywords: **Authenticated Encryption, GCM, Sophie Germain Counter Mode.

**Date: **received 16 Jun 2011, last revised 4 Nov 2011

**Contact author: **mjos at iki fi

**Available format(s): **PDF | BibTeX Citation

**Note: **Typos corrected.

**Version: **20111104:172351 (All versions of this report)

**Short URL: **ia.cr/2011/326

**Discussion forum: **Show discussion | Start new discussion

[ Cryptology ePrint archive ]