Galois/Counter Mode
Adapted from Wikipedia
In cryptography, Galois/Counter Mode (GCM) is a special way to use certain types of secret codes, called symmetric-key block ciphers, to keep information safe. GCM is known for being very fast and efficient, whether it is used in computers or special hardware devices.
GCM does more than just hide information—it also makes sure that the information has not been changed by someone who should not touch it. When someone sends a message using GCM, they also create a special check called a tag. The person receiving the message can use this tag to confirm that the message is exactly as it was sent and has not been altered.
GCM works by using a block cipher, often AES-128, in a way that mixes encryption with mathematical checks. These checks use something called the Galois field GF(2^128), which helps create the authentication tag. Because of how it is designed, GCM can take advantage of modern computer abilities, like parallel processing, making it faster than older methods such as cipher block chaining. This makes GCM very useful for protecting data in many modern systems.
Basic operation
Like in normal counter mode, blocks are numbered in order. This block number is combined with a special starting number called an initialization vector (IV) and then locked up using a strong security tool called a block cipher E, often AES. The locked-up result is then mixed with the original message, known as plaintext, using an operation called XOR. This creates the secret code, or ciphertext. This method works like a stream cipher, so it’s very important to use a new IV for every message.
The secret code blocks are used as parts of a math expression called a polynomial. This expression is calculated using special math called finite field arithmetic, and the result is locked up again to make an authentication tag. This tag helps make sure the message hasn’t been changed and stays safe. The final message includes the IV, the secret code, and this authentication tag.
Mathematical basis
GCM combines counter mode encryption with Galois mode authentication. It uses a special kind of math called Galois field multiplication, which can be done faster on computers than other methods. This makes GCM good for sending information securely and checking that it hasn’t been changed.
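The tag calculation described above (ciphertext blocks fed into a polynomial, then mixed with one more block cipher output), written out as an added example that is not part of the original article or of any library. The function names are this example's own. Python's standard library has no AES, so the two AES outputs are supplied as constants taken from published test case 2 of the McGrew-Viega GCM specification.

```python
import hmac

R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1

def gf_mult(x: int, y: int) -> int:
    """Multiply two 128-bit blocks in GF(2^128), using GCM's bit order."""
    z, v = 0, y
    for i in range(127, -1, -1):      # leftmost bit of the block first
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def blocks(data: bytes):
    """Yield 16-byte blocks as integers, zero-padding the last one."""
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\x00"), "big")

def ghash(h: int, aad: bytes, ct: bytes) -> int:
    """Evaluate the polynomial over extra data, ciphertext and lengths."""
    lengths = (len(aad) * 8 << 64) | (len(ct) * 8)
    x = 0
    for b in [*blocks(aad), *blocks(ct), lengths]:
        x = gf_mult(x ^ b, h)
    return x

def make_tag(h: int, ek_y0: int, aad: bytes, ct: bytes) -> bytes:
    """Tag = polynomial result XORed with the encrypted first counter block."""
    return (ghash(h, aad, ct) ^ ek_y0).to_bytes(16, "big")

def verify(h: int, ek_y0: int, aad: bytes, ct: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare it in constant time."""
    return hmac.compare_digest(make_tag(h, ek_y0, aad, ct), tag)

# Test case 2 of the GCM specification: all-zero AES-128 key, all-zero
# 96-bit IV, one all-zero plaintext block, no extra authenticated data.
H = 0x66e94bd4ef8a2c3b884cfa59ca342b2e      # AES_K(all-zero block), the hash key
EK_Y0 = 0x58e2fccefa7e3061367f1d57a4e7455a  # AES_K(IV || 00000001)
CT = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
TAG = bytes.fromhex("ab6e47d42cec13bdf53a67b21257bddf")

if __name__ == "__main__":
    print(verify(H, EK_Y0, b"", CT, TAG))        # genuine message
    tampered = bytes([CT[0] ^ 1]) + CT[1:]       # one ciphertext bit flipped
    print(verify(H, EK_Y0, b"", tampered, TAG))  # altered message
```

The receiver runs the same calculation and throws the message away, without decrypting it, if the tags do not match.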
GCM was created by John Viega and David A. McGrew. In November 2007, it became an official standard recommended by NIST.
Use
GCM mode is used in many important security systems. It helps protect data in Ethernet networks through IEEE 802.1AE, in WiFi security with WPA3-Enterprise, and in high-speed wireless connections like IEEE 802.11ad (also called WiGig). It is also used in storage systems such as IEEE P1619.1 and in protocols like IPsec, SSH, and TLS for safe internet communication. GCM is part of security suites such as NSA Suite B Cryptography and the Commercial National Security Algorithm (CNSA) suite. It is also found in popular VPN software such as SoftEther VPN and OpenVPN.
Performance
GCM uses special computer operations to encrypt and check data quickly. Some computers have built-in instructions that make these operations even faster. For example, Intel processors can handle these tasks very efficiently, achieving high speeds.
Researchers have tested GCM on different computers and found ways to make it run even faster by using the computer's ability to do many tasks at once. This helps improve performance when both encrypting and checking data together. However, some smaller devices might not work as well with GCM because they are designed differently.
Patents
According to the authors' statement, GCM is not restricted by any patents. This means anyone can use this method freely without needing special permission.
Security
GCM is designed to keep information safe when used correctly. It works best with a special number called an initialization vector that must be different each time you use the same key. There is a limit to how much data GCM can handle with one key.
The strength of GCM’s protection depends on a number called the authentication tag. Shorter tags are not recommended because they make the system less secure. The tag’s length can be set to different values, but using very short tags requires careful planning to avoid problems.
This article is a child-friendly adaptation of the Wikipedia article on Galois/Counter Mode, available under CC BY-SA 4.0.