16

The Galois Counter Mode

In the previous chapter, we learned about authenticated encryption and authenticated encryption with additional data. We saw how authenticated encryption can be obtained from simpler cryptographic primitives using generic composition, and we introduced a dedicated counter mode with CBC-MAC (CCM) that provides AEAD.

In TLS 1.3, AEAD is used for protecting all TLS Record protocol payloads. In this chapter, we will study Galois/Counter Mode (GCM), an AEAD algorithm that every TLS 1.3 endpoint must implement. RFC 8446 [147], the specification of TLS 1.3, only references NIST’s Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC [57], where GCM is specified. But since GCM is used in the ...
