Authentication Key Recovery on Galois/Counter Mode (GCM)

Authors

  • John Mattsson
  • Magnus Westerlund
Abstract

GCM is used in a vast amount of security protocols and is quickly becoming the de facto mode of operation for block ciphers due to its exceptional performance. In this paper we analyze the NIST standardized version (SP 800-38D) of GCM, and in particular the use of short tag lengths. We show that feedback on whether a forgery attempt succeeded or failed is almost always possible, contradicting the NIST assumptions for short tags. We also provide a complexity estimation of Ferguson's authentication key recovery method on short tags, and suggest several novel improvements to Ferguson's attacks that significantly reduce the security level for short tags. We show that for many truncated tag sizes, the security levels are far below not only the current NIST requirement of 112-bit security, but also the old NIST requirement of 80-bit security. We therefore strongly recommend that NIST revise SP 800-38D.


Similar resources

Authentication Key Recovery in Galois/Counter Mode (GCM)

GCM is used in a vast amount of security protocols and is quickly becoming the de facto mode of operation for block ciphers. In this paper we ...

GCM, GHASH and Weak Keys

The Galois/Counter Mode (GCM) of operation has been standardized by NIST to provide single-pass authenticated encryption. The GHASH authentication component of GCM belongs to a class of Wegman-Carter polynomial universal hashes that operate in the field GF(2). GCM uses the same block cipher key K both to encrypt data and to derive the generator H of the authentication polynomial. In present li...

RFC 5288 AES-GCM Cipher

This memo describes the use of the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) as a Transport Layer Security (TLS) authenticated encryption operation. GCM provides both confidentiality and data origin authentication, can be efficiently implemented in hardware for speeds of 10 gigabits per second and above, and is also well-suited to software implementations. This memo define...


High Speed VLSI Architecture for AES-Galois/Counter Mode

Galois/Counter Mode of Operation (GCM) is a block cipher mode of operation used to provide encryption and authentication using universal hashing based on multiplication over a binary Galois/finite field. GCM can be implemented on both hardware and software effectively and efficiently. GCM supports pipelined and parallelized implementations to have minimal computational latency in order to be useful a...

A High Speed Architecture for Galois/Counter Mode of Operation (GCM)

In this paper we present a fully pipelined high speed hardware architecture for Galois/Counter Mode of Operation (GCM) by analyzing the data dependencies in the GCM algorithm at the architecture level. We show that the GCM encryption circuit and GCM authentication circuit have similar critical path delays, resulting in an efficient pipeline structure. The proposed GCM architecture yields a throughpu...


Journal: (not given)

Volume / Issue: (not given)

Pages: (not given)

Publication date: 2016