Authentication weaknesses in GCM
Abstract
We show two weaknesses in the authentication functionality of GCM when it is used with a short authentication tag. The first weakness raises the probability of a successful forgery significantly. The second weakness reveals the authentication key if the attacker manages to create successful forgeries.
Similar resources
GCM Update
Recently, Niels Ferguson submitted comments to NIST detailing an attack on GCM message authentication when authentication tags are truncated [3]. This work underscores the risks of using GCM with very short tags, and highlights the need for guidance on tag length. However, it does not violate the claims of GCM’s security analysis [4], nor does it present any weakness that was not described in t...
GCM, GHASH and Weak Keys
The Galois/Counter Mode (GCM) of operation has been standardized by NIST to provide single-pass authenticated encryption. The GHASH authentication component of GCM belongs to a class of Wegman-Carter polynomial universal hashes that operate in the field GF (2). GCM uses the same block cipher key K to both encrypt data and to derive the generator H of the authentication polynomial. In present li...
A High Speed Architecture for Galois/Counter Mode of Operation (GCM)
In this paper we present a fully pipelined high speed hardware architecture for Galois/Counter Mode of Operation (GCM) by analyzing the data dependencies in the GCM algorithm at the architecture level. We show that GCM encryption circuit and GCM authentication circuit have similar critical path delays resulting in an efficient pipeline structure. The proposed GCM architecture yields a throughpu...
RFC 5288 AES-GCM Cipher
This memo describes the use of the Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) as a Transport Layer Security (TLS) authenticated encryption operation. GCM provides both confidentiality and data origin authentication, can be efficiently implemented in hardware for speeds of 10 gigabits per second and above, and is also well-suited to software implementations. This memo define...
Authentication Key Recovery in Galois/Counter Mode (GCM)
GCM is used in a vast amount of security protocols and is quickly becoming the de facto mode of operation for block ciphers. In this paper we...