Sciweavers

IACR
2011

GCM, GHASH and Weak Keys

12 years 3 months ago
GCM, GHASH and Weak Keys
The Galois/Counter Mode (GCM) of operation has been standardized by NIST to provide single-pass authenticated encryption. The GHASH authentication component of GCM belongs to a class of Wegman-Carter polynomial universal hashes that operate in the field GF(2128 ). GCM uses the same block cipher key K to both encrypt data and to derive the generator H of the authentication polynomial. In present literature, only the trivial weak key H = 0 has been considered. In this note we show that GHASH has much wider classes of weak keys, analyze some of their properties, and give experimental results when GCM is used with the AES algorithm.
Markku-Juhani O. Saarinen
Added 23 Dec 2011
Updated 23 Dec 2011
Type Journal
Year 2011
Where IACR
Authors Markku-Juhani O. Saarinen
Comments (0)