The Security and Performance of “GCM” when Short Multiplications Are Used Instead

  • Conference paper
Information Security and Cryptology (Inscrypt 2012)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7763)

Abstract

We study the security and performance of an altered Galois/Counter Mode (GCM) of operation. Recent studies (e.g. Krovetz and Rogaway, FSE 2011) show that GCM performs rather poorly in modern software implementations because of polynomial hashing in the large field GF(2^n), where n denotes the block size of the underlying cipher. This paper investigates whether polynomial hashing in the ring GF(2^{n/2}) × GF(2^{n/2}) can be used instead. Such a change would normally degrade the security level to Θ(2^{n/4}). Nonetheless, our security proofs show that this degradation can be avoided by masking and then encrypting the hash result, following a tentative suggestion made by Ferguson in 2005. We also provide experimental data showing that the modified GCM runs at 1.777 cycles per byte on an Intel Sandy Bridge processor, about 31% fewer than the 2.59 cycles per byte of Gueron's GCM implementation presented at Indocrypt 2011.
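The two hashing options the abstract contrasts, as an added toy example written for this page (it is not the authors' code and does not reproduce their implementation, their masking-and-encrypting step, or their attack analysis). It puts a GHASH-style Horner evaluation over GF(2^n) next to the same recurrence computed componentwise in GF(2^{n/2}) × GF(2^{n/2}), reading each n-bit block as a pair of half-width elements, which is an assumption about the paper's layout. The block size is shrunk to n = 12 so the whole key space can be enumerated; the field and half-field moduli are found by search at import time; the key, operands and messages are constructed. Three things are measured: how many half-width carry-less word products each variant spends per hashed block (the "short multiplications" of the title: 4 schoolbook or 3 with Karatsuba-Ofman for the field, 2 for the ring; reduction cost is ignored), that the product ring has zero divisors, and how many keys make two messages that differ only in the upper half of every block collide. In the field that count is bounded by the degree of the difference polynomial; in the ring the lower component of that polynomial is identically zero, so the count is 2^{n/2} times larger. That blow-up is what the paper's masking-then-encrypting of the hash result has to neutralise; how it does so is left to the paper.

```python
"""Polynomial hashing over GF(2^n) versus the ring GF(2^(n/2)) x GF(2^(n/2)).

Added example for this page, not code from the Aoki-Yasuda paper.  n is shrunk to 12
so the full key space can be enumerated; all keys, operands and messages are constructed.
"""


def clmul(a: int, b: int) -> int:
    """Carry-less product of two non-negative integers viewed as polynomials over GF(2)."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a <<= 1
        b >>= 1
    return p


def polymod(a: int, m: int) -> int:
    """Reduce polynomial a modulo the polynomial m (bit i of an int is the x^i coefficient)."""
    dm = m.bit_length() - 1
    while a.bit_length() - 1 >= dm:
        a ^= m << (a.bit_length() - 1 - dm)
    return a


def is_irreducible(f: int) -> bool:
    """Trial division by every polynomial of degree 1 .. deg(f)//2 (tiny degrees only)."""
    d = f.bit_length() - 1
    for k in range(1, d // 2 + 1):
        for g in range(1 << k, 1 << (k + 1)):
            if polymod(f, g) == 0:
                return False
    return True


def first_irreducible(degree: int) -> int:
    """Smallest (as an integer) irreducible polynomial of the given degree, found by scanning."""
    return next(f for f in range(1 << degree, 1 << (degree + 1)) if is_irreducible(f))


N = 12                                # toy block size; GCM itself uses n = 128
FIELD_MOD = first_irreducible(N)      # defines GF(2^N)
HALF_MOD = first_irreducible(N // 2)  # defines GF(2^(N/2)); the ring is two copies of it


def gf_mul(a: int, b: int, mod: int) -> int:
    return polymod(clmul(a, b), mod)


def split(x: int) -> tuple:
    """Split an N-bit value into its high and low N/2-bit halves."""
    return x >> (N // 2), x & ((1 << (N // 2)) - 1)


def field_hash(key: int, blocks: list, mul=clmul) -> int:
    """GHASH-style Horner evaluation sum_i M_i * key^(l-i+1) in GF(2^N)."""
    y = 0
    for m in blocks:
        y = polymod(mul(y ^ m, key), FIELD_MOD)
    return y


def ring_hash(key: int, blocks: list, mul=clmul) -> int:
    """Same recurrence, componentwise in GF(2^(N/2)) x GF(2^(N/2)); key and digest are packed pairs."""
    k_hi, k_lo = split(key)
    y_hi = y_lo = 0
    for m in blocks:
        m_hi, m_lo = split(m)
        y_hi = polymod(mul(y_hi ^ m_hi, k_hi), HALF_MOD)
        y_lo = polymod(mul(y_lo ^ m_lo, k_lo), HALF_MOD)
    return (y_hi << (N // 2)) | y_lo


def ring_mul(a: int, b: int) -> int:
    """Multiplication in the product ring: zero divisors exist, e.g. (1,0)*(0,1) = (0,0)."""
    a_hi, a_lo = split(a)
    b_hi, b_lo = split(b)
    return (gf_mul(a_hi, b_hi, HALF_MOD) << (N // 2)) | gf_mul(a_lo, b_lo, HALF_MOD)


class WordMul:
    """Carry-less multiplier on N/2-bit words that counts how often it is used."""
    def __init__(self):
        self.calls = 0

    def __call__(self, a: int, b: int) -> int:
        self.calls += 1
        return clmul(a, b)


def clmul_two_words(a: int, b: int, wm: WordMul, karatsuba: bool) -> int:
    """N x N-bit carry-less product assembled from N/2-bit word products (4 schoolbook, 3 Karatsuba)."""
    w = N // 2
    a_hi, a_lo = split(a)
    b_hi, b_lo = split(b)
    lo, hi = wm(a_lo, b_lo), wm(a_hi, b_hi)
    if karatsuba:
        mid = wm(a_lo ^ a_hi, b_lo ^ b_hi) ^ lo ^ hi
    else:
        mid = wm(a_lo, b_hi) ^ wm(a_hi, b_lo)
    return (hi << (2 * w)) ^ (mid << w) ^ lo


def word_products_per_block(key: int = 0x9C5, block: int = 0x63A) -> dict:
    """Half-width word products spent on one hashed block by each construction (reduction not counted)."""
    counts = {}
    for name, kara in (("GF(2^n) schoolbook", False), ("GF(2^n) Karatsuba", True)):
        wm = WordMul()
        digest = field_hash(key, [block], mul=lambda x, y: clmul_two_words(x, y, wm, kara))
        assert digest == field_hash(key, [block])  # the word decomposition is exact
        counts[name] = wm.calls
    wm = WordMul()
    ring_hash(key, [block], mul=wm)
    counts["GF(2^(n/2))^2"] = wm.calls
    return counts


def colliding_keys(hash_fn, m1: list, m2: list) -> int:
    """Brute-force all 2^N keys and count those on which the two messages hash identically."""
    return sum(1 for k in range(1 << N) if hash_fn(k, m1) == hash_fn(k, m2))


if __name__ == "__main__":
    m_a = [0, 0]
    m_b = [1 << (N // 2)] * 2  # differs from m_a only in the upper half of each block
    print("word products per block:", word_products_per_block())
    print("zero divisor (1,0)*(0,1) =", ring_mul(1 << (N // 2), 1))
    print("colliding keys  field:", colliding_keys(field_hash, m_a, m_b),
          " ring:", colliding_keys(ring_hash, m_a, m_b), " of", 1 << N)
```

Run as a script it prints the three measurements; with n = 12 the two constructed messages collide on 2 of 4096 keys in the field (the difference polynomial c·(K^2 + K) has roots 0 and 1 only) but on 2·64 = 128 keys in the ring, because any low-half key value works once the low component of the difference vanishes. The word-product counts are the only performance statement the toy supports; the paper's cycle figures come from a real AES-NI/PCLMULQDQ implementation and include reduction and cipher cost.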

References

  1. 3GPP: Specification of the 3GPP Confidentiality and Integrity Algorithms UEA2 & UIA2 (2009), http://www.gsma.com/technicalprojects/fraud-security/security-algorithms/

  2. ANSI: Fibre Channel Security Protocols (FC-SP) rev 1.74. INCITS working draft proposed (2006)

  3. Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)

  4. Bernstein, D.J., Schwabe, P.: New AES software speed records. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) INDOCRYPT 2008. LNCS, vol. 5365, pp. 322–336. Springer, Heidelberg (2008)

  5. Ferguson, N.: Authentication weaknesses in GCM. Comments submitted to NIST Modes of Operation (2005)

  6. Gueron, S.: Software optimizations for cryptographic primitives on general purpose x86_64 platforms. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol. 7107, pp. 399–400. Springer, Heidelberg (2011)

  7. IEEE MAC Security Task Group: 802.1AE—Media Access Control (MAC) Security, draft 5.1. IEEE Standards Association (2006)

  8. IEEE Security in Storage Working Group: P1619.1 Authenticated encryption. IEEE Standards Association (2007)

  9. IETF: The use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP). RFC 4106 (2005)

  10. IETF: The use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH. RFC 4543 (2006)

  11. IETF: AES Galois Counter Mode (GCM) cipher suites for TLS. RFC 5288 (2008)

  12. IETF: AES Galois Counter Mode for the Secure Shell Transport Layer Protocol. RFC 5647 (2009)

  13. Intel Corporation: Fast Cryptographic Computation on Intel Architecture Processors via Function Stitching (2010)

  14. Intel Corporation: Intel Carry-Less Multiplication Instruction and its Usage for Computing the GCM Mode, Rev. 2 (2010)

  15. Iwata, T., Ohashi, K., Minematsu, K.: Breaking and repairing GCM security proofs. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 31–49. Springer, Heidelberg (2012)

  16. JTC 1: Information Technology—Security Techniques—Authenticated Encryption. ISO/IEC 19772 (2009)

  17. Karatsuba, A.A., Ofman, Y.P.: Multiplication of many-digital numbers by automatic computers. Proceedings of the USSR Academy of Sciences 145, 293–294 (1962)

  18. Kohno, T., Viega, J., Whiting, D.: CWC: A high-performance conventional authenticated encryption mode. Cryptology ePrint Archive, Report 2003/106 (2003)

  19. Krovetz, T., Rogaway, P.: The software performance of authenticated-encryption modes. In: Joux, A. (ed.) FSE 2011. LNCS, vol. 6733, pp. 306–327. Springer, Heidelberg (2011)

  20. Manley, R., Gregg, D.: A program generator for Intel AES-NI instructions. In: Gong, G., Gupta, K.C. (eds.) INDOCRYPT 2010. LNCS, vol. 6498, pp. 311–327. Springer, Heidelberg (2010)

  21. McGrew, D.A., Viega, J.: The security and performance of the Galois/Counter Mode (GCM) of operation. In: Canteaut, A., Viswanathan, K. (eds.) INDOCRYPT 2004. LNCS, vol. 3348, pp. 343–355. Springer, Heidelberg (2004)

  22. Meloni, N., Nègre, C., Hasan, M.A.: High performance GHASH and impacts of a class of unconventional bases. J. Cryptographic Engineering 1(3), 201–218 (2011)

  23. NIST: Advanced Encryption Standard (AES). FIPS Publication 197 (2001)

  24. NIST: Recommendation for block cipher modes of operation: Galois/Counter Mode (GCM) and GMAC. Special Publication 800-38D (2007)

  25. Rogaway, P.: Authenticated-encryption with associated-data. In: ACM CCS 2002, pp. 98–107. ACM Press (2002)

  26. Rogaway, P., Bellare, M., Black, J., Krovetz, T.: OCB: A block-cipher mode of operation for efficient authenticated encryption. In: Reiter, M.K., Samarati, P. (eds.) ACM CCS 2001, pp. 196–205. ACM (2001)

  27. Rogaway, P., Shrimpton, T.: A provable-security treatment of the key-wrap problem. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 373–390. Springer, Heidelberg (2006)

  28. Saarinen, M.-J.O.: SGCM: The Sophie Germain counter mode. Cryptology ePrint Archive, Report 2011/326 (2011)

  29. Saarinen, M.-J.O.: Cycling attacks on GCM, GHASH and other polynomial MACs and hashes. In: Canteaut, A. (ed.) FSE 2012. LNCS, vol. 7549, pp. 216–225. Springer, Heidelberg (2012)

  30. Satoh, A., Sugawara, T., Aoki, T.: High-speed pipelined hardware architecture for Galois counter mode. In: Garay, J.A., Lenstra, A.K., Mambo, M., Peralta, R. (eds.) ISC 2007. LNCS, vol. 4779, pp. 118–129. Springer, Heidelberg (2007)

  31. Wegman, M.N., Carter, L.: New hash functions and their use in authentication and set equality. J. Comput. Syst. Sci. 22(3), 265–279 (1981)

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Aoki, K., Yasuda, K. (2013). The Security and Performance of “GCM” when Short Multiplications Are Used Instead. In: Kutyłowski, M., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2012. Lecture Notes in Computer Science, vol 7763. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38519-3_15

  • DOI: https://doi.org/10.1007/978-3-642-38519-3_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38518-6

  • Online ISBN: 978-3-642-38519-3

  • eBook Packages: Computer Science; Computer Science (R0)