Paper 2017/168
AES-GCM-SIV: Specification and Analysis
Shay Gueron, Adam Langley, and Yehuda Lindell
Abstract
In this paper, we describe and analyze the security of the AES-GCM-SIV mode of operation, as defined in the CFRG specification \cite{CFRG}. This mode differs from the original GCM-SIV mode that was designed in \cite{GL2015} in two main aspects. First, the CTR encryption uses a 127-bit pseudo-random counter instead of a 95-bit pseudo-random value concatenated with a 32-bit counter. This construction leads to improved security bounds when encrypting short messages. In addition, a new key derivation function is used for deriving a fresh set of keys for each nonce. This addition allows for encrypting up to
Metadata
- Available format(s): PDF
- Category: Secret-key cryptography
- Publication info: Preprint. MINOR revision.
- Keywords: modes of operation, nonce-misuse resistance, security bounds
- Contact author(s): Yehuda Lindell @ biu ac il
- History:
  - 2018-12-14: last of 4 revisions
  - 2017-02-23: received
  - See all versions
- Short URL: https://ia.cr/2017/168
- License: CC BY
BibTeX
@misc{cryptoeprint:2017/168,
  author = {Shay Gueron and Adam Langley and Yehuda Lindell},
  title = {{AES}-{GCM}-{SIV}: Specification and Analysis},
  howpublished = {Cryptology {ePrint} Archive, Paper 2017/168},
  year = {2017},
  url = {https://eprint.iacr.org/2017/168}
}