Abstract
We study the security and performance of an altered Galois/Counter Mode (GCM) of operation. Recent studies (e.g. Krovetz and Rogaway, FSE 2011) show that GCM performs rather poorly in modern software implementations because of polynomial hashing in the large field GF(2^n) (n denotes the block size of the underlying cipher). This paper investigates whether we can use polynomial hashing in the ring GF(2^(n/2)) × GF(2^(n/2)) instead. Such a change would normally compromise the level of security down to Θ(2^(n/4)). Nonetheless, our security proofs show that we can avoid such degradation by masking and then encrypting the hash result, guided by the tentative suggestion made by Ferguson in 2005. We also provide experimental data showing that the modified GCM runs at 1.777 cycles per byte on an Intel Sandy Bridge processor. This is about a 31% reduction from the 2.59 cycles per byte of Gueron's GCM implementation presented at Indocrypt 2011.
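As an added illustration (toy code written for this page, not the paper's implementation and not its exact tag construction), the following Python sketch contrasts the full-width polynomial hash of GHASH over GF(2^128) with component-wise hashing in the product ring GF(2^64) × GF(2^64), and applies the abstract's "mask, then encrypt" step through a caller-supplied block-cipher permutation. It uses plain polynomial-basis arithmetic rather than GCM's reflected bit order, and the degree-64 reduction polynomial x^64 + x^4 + x^3 + x + 1 is an assumption (any irreducible degree-64 polynomial would do).

```python
# Added toy example, not the paper's code: polynomial hashing in GF(2^n) as in
# GHASH versus hashing in the product ring GF(2^(n/2)) x GF(2^(n/2)).
# Plain polynomial basis (bit i = coefficient of x^i), not GCM's reflected order.

N = 128
GCM_POLY = (1 << 128) | 0x87   # x^128 + x^7 + x^2 + x + 1 (the GHASH field)
HALF_POLY = (1 << 64) | 0x1B   # x^64 + x^4 + x^3 + x + 1 (assumed irreducible)


def gf_mul(a: int, b: int, k: int, poly: int) -> int:
    """Multiply a*b in GF(2^k) defined by the degree-k polynomial `poly`."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a >> k:             # degree reached k: reduce once
            a ^= poly
    return r


def poly_hash(blocks, key: int, k: int, poly: int) -> int:
    """Horner evaluation m1*key^l + m2*key^(l-1) + ... + ml*key over GF(2^k)."""
    h = 0
    for m in blocks:
        h = gf_mul(h ^ m, key, k, poly)
    return h


def ghash_like(blocks, key: int) -> int:
    """Full-width hash over GF(2^128): one 128-bit multiplication per block."""
    return poly_hash(blocks, key, N, GCM_POLY)


def product_ring_hash(blocks, key_pair) -> int:
    """Hash over GF(2^64) x GF(2^64): each block and the key are split into
    halves and hashed component-wise (two 64-bit multiplications per block)."""
    k, mask = N // 2, (1 << (N // 2)) - 1
    kl, kr = key_pair
    hl = poly_hash([m >> k for m in blocks], kl, k, HALF_POLY)
    hr = poly_hash([m & mask for m in blocks], kr, k, HALF_POLY)
    return (hl << k) | hr


def masked_encrypted_tag(hash_value: int, mask: int, enc) -> int:
    """Tag = E_K(hash XOR mask): the abstract's 'mask, then encrypt' step, with
    `enc` a caller-supplied 128-bit block-cipher permutation (AES in practice)."""
    return enc(hash_value ^ mask)
```

The half-width variant hashes the left and right halves of the message independently, which is exactly why the hash alone would give only about 2^(n/4) security and why the paper masks and encrypts its output before releasing it as the tag.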
References
3GPP: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2 (2009), http://www.gsma.com/technicalprojects/fraud-security/security-algorithms/
ANSI: Fibre Channel Security Protocols (FC-SP) rev 1.74. INCITS working draft proposed (2006)
Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)
Bernstein, D.J., Schwabe, P.: New AES software speed records. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 322–336. Springer, Heidelberg (2008)
Ferguson, N.: Authentication weaknesses in GCM. Comments Submitted to NIST Modes of Operation (2005)
Gueron, S.: Software optimizations for cryptographic primitives on general purpose x86_64 platforms. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 399–400. Springer, Heidelberg (2011)
IEEE MAC Security Task Group: 802.1ae—Media Access Control (MAC) security draft 5.1. IEEE Standards Association (2006)
IEEE Security in Storage Working Group: P1619.1 Authenticated encryption. IEEE Standards Association (2007)
IETF: The use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP). RFC 4106 (2005)
IETF: The use of Galois Message Authentication Code (GMAC). RFC 4543 (2006)
IETF: AES Galois Counter Mode (GCM) cipher suites for TLS. RFC 5288 (2008)
IETF: AES Galois Counter Mode for the Secure Shell Transport Layer Protocol. RFC 5647 (2009)
Intel Corporation: Fast Cryptographic Computation on Intel Architecture Processors Via Function Stitching (2010)
Intel Corporation: Intel Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode — Rev 2 (2010)
Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 31–49. Springer, Heidelberg (2012)
JTC 1: Information Technology—Security Techniques—Authenticated Encryption. ISO/IEC 19772 (2009)
Karatsuba, A.A., Ofman, Y.P.: Multiplication of many-digital numbers by automatic computers. Proceedings of the USSR Academy of Sciences 145, 293–294 (1962)
Kohno, T., Viega, J., Whiting, D.: CWC: A high-performance conventional authenticated encryption mode. Cryptology ePrint Archive: Report 2003/106 (2003)
Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011)
Manley, R., Gregg, D.: A program generator for Intel AES-NI instructions. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 311–327. Springer, Heidelberg (2010)
McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004)
Meloni, N., Nègre, C., Hasan, M.A.: High performance GHASH and impacts of a class of unconventional bases. J. Cryptographic Engineering 1(3), 201–218 (2011)
NIST: Advanced Encryption Standard (AES). FIPS Publication 197 (2001)
NIST: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) for confidentiality and authentication. Special Publication 800-38D (2007)
Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS 2002, pp. 98–107. ACM Press (2002)
Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001, pp. 196–205. ACM (2001)
Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006)
Saarinen, M.-J.O.: SGCM: The Sophie Germain counter mode. Cryptology ePrint Archive: Report 2011/326 (2011)
Saarinen, M.-J.O.: Cycling attacks on GCM, GHASH and other polynomial MACs and hashes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 216–225. Springer, Heidelberg (2012)
Satoh, A., Sugawara, T., Aoki, T.: High-speed pipelined hardware architecture for Galois counter mode. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 118–129. Springer, Heidelberg (2007)
Wegman, M.N., Carter, L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265–279 (1981)
© 2013 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Aoki, K., Yasuda, K. (2013). The Security and Performance of “GCM” when Short Multiplications Are Used Instead. In: Kutyłowski, M., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2012. Lecture Notes in Computer Science, vol 7763. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38519-3_15
DOI: https://doi.org/10.1007/978-3-642-38519-3_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-38518-6
Online ISBN: 978-3-642-38519-3