Paper 2011/326

SGCM: The Sophie Germain Counter Mode

Markku-Juhani O. Saarinen


Sophie Germain Counter Mode (SGCM) is an authenticated encryption mode of operation, to be used with 128-bit block ciphers such as AES. SGCM is a variant of the NIST standardized Galois / Counter Mode (GCM) which has been found to be susceptible to weak key / short cycle forgery attacks. The GCM attacks are made possible by its extremely smooth-order multiplicative group which splits into 512 subgroups. Instead of GCM's $GF(2^{128})$, we use $GF(p)$ with $p=2^{128}+12451$, where $\frac{p-1}{2}$ is also a prime. SGCM is intended for those who want a concrete, largely technically compatible alternative to GCM. In this memo we give a technical specification of SGCM, together with some elements of its implementation, security and performance analysis. Test vectors are also included.

Note: Typos corrected.

Available format(s)
Publication info
Published elsewhere. Unknown where it was published
Authenticated EncryptionGCMSophie Germain Counter Mode.
Contact author(s)
mjos @ iki fi
2011-11-04: last of 5 revisions
2011-06-17: received
See all versions
Short URL
Creative Commons Attribution


      author = {Markku-Juhani O.  Saarinen},
      title = {SGCM: The Sophie Germain Counter Mode},
      howpublished = {Cryptology ePrint Archive, Paper 2011/326},
      year = {2011},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.