AES hardware accelerator (AES) RM0453
656/1461 RM0453 Rev 1
Galois/counter mode (GCM)
Figure 105. GCM encryption and authentication principle
In Galois/counter mode (GCM), the plaintext message is encrypted while a message
authentication code (MAC) is computed in parallel, thus generating the corresponding
ciphertext and its MAC (also known as authentication tag). It is defined in NIST Special
Publication 800-38D, Recommendation for Block Cipher Modes of Operation -
Galois/Counter Mode (GCM) and GMAC.
GCM mode is based on AES in counter mode for confidentiality. It uses a multiplier over a
fixed finite field for computing the message authentication code. It requires an initial value
and a particular 128-bit block at the end of the message.
Galois message authentication code (GMAC) principle
Figure 106. GMAC authentication principle
Galois message authentication code (GMAC) allows authenticating a message and
generating the corresponding message authentication code (MAC). It is defined in NIST
Special Publication 800-38D, Recommendation for Block Cipher Modes of Operation -
Galois/Counter Mode (GCM) and GMAC.
MSv42143V1
Plaintext block 1
Ciphertext block 1 Ciphertext block 2 Ciphertext block 3
Encrypt Encrypt Encrypt
key key key
Plaintext block 2 Plaintext block 3
Counter Counter Counter
+1 +1
GF2mul GF2mul GF2mul
Final
TAG
Init
(Encrypt)
key
Initialization
vector
H
input
output
Legend
XOR
value value + 1 value + 2
MSv42144V1
Plaintext block 1 Plaintext block 2 Plaintext block 3
GF2mul GF2mul GF2mul
Final
TAG
Init
(Encrypt)
key
Initialization
vector
H
input
output
Legend
XOR
To Next Page
Loading...
