### The Security and Performance of the Galois/Counter Mode of Operation (Full Version)

David A. McGrew and John Viega

##### Abstract

The recently introduced Galois/Counter Mode (GCM) of operation for block ciphers provides both encryption and message authentication, using universal hashing based on multiplication in a binary finite field. We analyze its security and performance, and show that it is the most efficient mode of operation for high speed packet networks, by using a realistic model of a network crypto module and empirical data from studies of Internet traffic in conjunction with software experiments and hardware designs. GCM has several useful features: it can accept IVs of arbitrary length, can act as a stand-alone message authentication code (MAC), and can be used as an incremental MAC. We show that GCM is secure in the standard model of concrete security, even when these features are used. We also consider several of its important system-security aspects.

Note: Revised to incorporate suggestions from reviewers. This document is the full version of the paper; an extended abstract is to appear at INDOCRYPT '04.

Available format(s)
Category
Secret-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
mcgrew @ cisco com
History
2004-10-07: revised
See all versions
Short URL
https://ia.cr/2004/193

CC BY

BibTeX

@misc{cryptoeprint:2004/193,
author = {David A.  McGrew and John Viega},
title = {The Security and Performance of the Galois/Counter Mode of Operation (Full Version)},
howpublished = {Cryptology ePrint Archive, Paper 2004/193},
year = {2004},
note = {\url{https://eprint.iacr.org/2004/193}},
url = {https://eprint.iacr.org/2004/193}
}

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.