Monday, December 5, 2011

AES GCM/GMAC/XCBC

AES-GCM (crypto+auth)

[wiki] Galois/Counter Mode
http://en.wikipedia.org/wiki/Galois/Counter_Mode

Galois/Counter Mode (GCM) is a mode of operation for symmetric-key block ciphers that has been widely adopted because of its efficiency and performance. GCM throughput rates for state-of-the-art, high-speed communication channels can be achieved with reasonable hardware resources [1]. It is an authenticated encryption algorithm designed to provide both data authenticity (integrity) and confidentiality. GCM mode is defined for block ciphers with a block size of 128 bits. GMAC is an authentication-only variant of GCM which can be used as an incremental message authentication code. Both GCM and GMAC can accept initialization vectors of arbitrary length.


AES-GCM (Galois Counter Mode) core for FPGA (Xilinx, Altera, Actel) and ASIC - Helion Technology
http://www.heliontech.com/aes_gcm.htm
AES-GCM is an authenticated encryption algorithm designed to provide both authentication and privacy. Developed by David A McGrew and John Viega, it uses universal hashing over a binary Galois field to provide authenticated encryption.

GCM was designed originally as a way of supporting very high data rates, since it can take advantage of pipelining and parallel processing techniques to bypass the normal limits imposed by feedback MAC algorithms. This allows authenticated encryption at data rates of many tens of Gbps, permitting high grade encryption and authentication on systems which previously could not be fully protected. More recently GCM is being specified for use in lower rate applications due to its ease of use and scalability.

AES-GCM is specified for use in a number of recent standards; for example it is one of the options specified by the IEEE 1619 group for securing data-at-rest stored on tape media. In networking, it is the security algorithm specified for use in MACsec (802.1AE), and in the ANSI Fibre Channel Security Protocols (FC-SP).


AES-GCM Functions
http://software.intel.com/sites/products/documentation/hpc/ipp/ippcp/ippcp_ch2/ch2_aes_gcm_functions.html
The Galois/Counter Mode (GCM) is a mode of operation of the AES algorithm. GCM [NIST SP 800-38D] uses a variation of the Counter mode of operation for encryption. GCM assures authenticity of the confidential data (of up to about 64 GB per invocation) using a universal hash function defined over a binary finite field (the Galois field).

GCM can also provide authentication assurance for additional data (of practically unlimited length per invocation) that is not encrypted. If the GCM input contains only data that is not to be encrypted, the resulting specialization of GCM, called GMAC, is simply an authentication mode for the input data.
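The universal hash mentioned above is GHASH: multiplication in GF(2^128) modulo x^128 + x^7 + x^2 + x + 1, with the bit-reflected block encoding GCM uses. The following is an added example (not from the original post or from any of the linked sources) that implements GHASH from scratch in pure Python and checks it against GCM Test Case 2 from the McGrew/Viega specification; the AES step that derives H = AES_K(0^128) and masks the tag with AES_K(J0) is not included, so the block shows only the hash core shared by GCM and GMAC.

```python
# GHASH, the GF(2^128) universal hash at the core of GCM and GMAC.
# Added example; constants below are from the public GCM test vectors (K = 0).

# Reduction constant for x^128 + x^7 + x^2 + x + 1 in GCM's bit-reflected
# encoding: the polynomial "1" is the MSB of the 128-bit block.
R = 0xE1000000000000000000000000000000
ONE = 0x80000000000000000000000000000000  # multiplicative identity


def gf_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (SP 800-38D Algorithm 1)."""
    z, v = 0, y
    for i in range(127, -1, -1):      # walk bits of x from the block's MSB
        if (x >> i) & 1:
            z ^= v
        # multiply v by the polynomial x (a right shift here), reduce if needed
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z


def _blocks(data: bytes) -> list:
    """Split into 16-byte blocks, zero-padding the final partial block."""
    padded = data + b"\x00" * (-len(data) % 16)
    return [padded[i:i + 16] for i in range(0, len(padded), 16)]


def ghash(h: bytes, aad: bytes, ciphertext: bytes) -> bytes:
    """GHASH_H(A, C): absorb AAD, then ciphertext, then the 64||64-bit lengths.

    H is a secret derived from the cipher key; without it GHASH is a
    linear function, which is why GMAC is not usable as a keyless hash.
    """
    hk = int.from_bytes(h, "big")
    y = 0
    for blk in _blocks(aad) + _blocks(ciphertext):
        y = gf_mul(y ^ int.from_bytes(blk, "big"), hk)
    length_block = ((len(aad) * 8) << 64) | (len(ciphertext) * 8)
    y = gf_mul(y ^ length_block, hk)
    return y.to_bytes(16, "big")


# GCM Test Case 2: K = 0^128, IV = 0^96, P = 0^128, no AAD.
TEST_H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")  # AES_0(0^128)
TEST_C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")  # ciphertext
EXPECTED_GHASH = "f38cbb1ad69223dcc3457ae5b6b0f885"


def check_test_vector() -> bool:
    """True when this implementation reproduces the specification's GHASH value."""
    return ghash(TEST_H, b"", TEST_C).hex() == EXPECTED_GHASH


if __name__ == "__main__":
    print("GHASH(H, {}, C) =", ghash(TEST_H, b"", TEST_C).hex())
    print("matches spec:", check_test_vector())
```

Tag = GHASH XOR AES_K(J0) completes GCM; with an empty ciphertext the same routine gives the GMAC input.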


[wiki] Finite field (aka Galois field)
http://en.wikipedia.org/wiki/Galois_field

RFC 5288: AES-GCM Cipher suites
http://www.rfc-editor.org/rfc/rfc5288.txt
AES-GCM is an authenticated encryption with associated data (AEAD) cipher.


The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
http://www.ietf.org/rfc/rfc4106.txt

AES-GMAC (auth)
Advanced Encryption Standard Galois Message Authentication Code (AES-GMAC)

RFC4543: The Use of Galois Message Authentication Code (GMAC) in IPsec ESP and AH
http://tools.ietf.org/rfc/rfc4543.txt

Re: AES-GMAC as a hash
http://www.mail-archive.com/cryptography@metzdowd.com/msg10843.html


AES-XCBC, a CBC-MAC variant (auth)
[wiki] CBC-MAC
http://en.wikipedia.org/wiki/CBC-MAC
A cipher block chaining message authentication code (CBC-MAC) is a technique for constructing a message authentication code from a block cipher.


[wiki] CMAC
http://en.wikipedia.org/wiki/CMAC
CMAC (Cipher-based MAC)[1] is a block cipher-based message authentication code algorithm.

The core of the CMAC algorithm is a variation of CBC-MAC that Black and Rogaway proposed and analyzed under the name XCBC[2] and submitted to NIST.[3] The XCBC algorithm efficiently addresses the security deficiencies of CBC-MAC, but requires three keys. Iwata and Kurosawa proposed an improvement of XCBC and named the resulting algorithm One-Key CBC-MAC (OMAC) in their papers.[4][5] They later submitted OMAC1[6], a refinement of OMAC, and additional security analysis.[7] The OMAC algorithm reduces the amount of key material required for XCBC. CMAC is equivalent to OMAC1.


RFC4434: The AES-XCBC-PRF-128 Algorithm for the Internet Key Exchange Protocol (IKE)
http://tools.ietf.org/rfc/rfc4434.txt

RFC3566: The AES-XCBC-MAC-96 Algorithm and Its Use With IPsec
http://tools.ietf.org/rfc/rfc3566.txt



Cryptography
http://en.wikipedia.org/wiki/Template:Crypto_navbox

Block ciphers (security summary)
http://en.wikipedia.org/wiki/Template:Crypto_block

Cryptographic hash functions and message authentication codes (MACs)
http://en.wikipedia.org/wiki/Template:Crypto_hash
