Sie sind auf Seite 1von 48
AuthenticatedAuthenticated
AuthenticatedAuthenticated
encryptionencryption GCMGCM andand CCMCCM modesmodes
encryptionencryption
GCMGCM andand CCMCCM modesmodes

LorenzoLorenzo PeraldoPeraldo andand VittorioVittorio PiccoPicco

AuthenticatedAuthenticated encryptionencryption
AuthenticatedAuthenticated encryptionencryption
DefinitionDefinition
DefinitionDefinition

““ AuthenticatedAuthenticated EncryptionEncryption (AE)(AE) isis aa termterm usedused toto describedescribe encryptionencryption systemssystems whichwhich simultaneouslysimultaneously protectprotect confidentialityconfidentiality,, authenticityauthenticity andand integrityintegrity ofof communicationscommunications ””

BasicBasic componentscomponents
BasicBasic componentscomponents

MessageMessage AuthenticationAuthentication CodeCode (MAC)(MAC)

++
++

SymmetricSymmetric encryptionencryption

Why?Why? MACMAC
Why?Why?
MACMAC

IntegrityIntegrity:: anan attackerattacker can’tcan’t modifymodify thethe datadata andand thenthen computecompute aa newnew MAC,MAC, becausebecause aa secretsecret keykey isis neededneeded AuthenticationAuthentication:: onlyonly thethe useruser whowho hashas gotgot thethe secretsecret keykey cancan authenticateauthenticate thethe messagemessage

keykey cancan authenticateauthenticate thethe messagemessage SymmetricSymmetric encryptionencryption

SymmetricSymmetric encryptionencryption

ConfidentialityConfidentiality:: datadata areare encryptedencrypted AuthenticationAuthentication:: ifif onlyonly 22 usersusers shareshare thethe secretsecret keykey

AA nonnon--computercomputer exampleexample AA letterletter fromfrom aa loverlover byby ordinaryordinary mail:mail:
AA nonnon--computercomputer exampleexample
AA letterletter fromfrom aa loverlover byby ordinaryordinary mail:mail:
Envelope:Envelope: confidentialityconfidentiality andand integrityintegrity
Signature:Signature: authenticationauthentication
SenderSender AEAE blackblack boxbox InputInput
SenderSender AEAE blackblack boxbox
InputInput
SenderSender AEAE blackblack boxbox InputInput AA plaintextplaintext messagemessage AA keykey PossiblyPossibly aa

AA plaintextplaintext messagemessage AA keykey PossiblyPossibly aa noncenonce

OutputOutput

TheThe encryptedencrypted messagemessage (ciphertext)(ciphertext) AnAn authenticationauthentication tagtag

RecipientRecipient AEAE blackblack boxbox InputInput
RecipientRecipient AEAE blackblack boxbox
InputInput
RecipientRecipient AEAE blackblack boxbox InputInput AnAn encryptedencrypted messagemessage AA tagtag TheThe

AnAn encryptedencrypted messagemessage AA tagtag TheThe nonce,nonce, ifif usedused TheThe keykey

OutputOutput

IfIf thethe tagtag isis verified:verified: thethe plaintextplaintext else:else: FAILFAIL

AEAE securitysecurity PrivacyPrivacy
AEAE securitysecurity
PrivacyPrivacy
AEAE securitysecurity PrivacyPrivacy AnAn attackerattacker cancan sniffsniff thethe ciphertextciphertext andand thethe

AnAn attackerattacker cancan sniffsniff thethe ciphertextciphertext andand thethe nonce,nonce, butbut mustmust notnot bebe ableable toto recoverrecover thethe plaintextplaintext TheThe cicipphertexthertext shouldshould looklook likelike randomrandom bitsbits

AuthenticationAuthentication

AnAn attackerattacker shouldn’tshouldn’t bebe ableable toto constructconstruct aa ciphertext,ciphertext, aa tagtag andand aa noncenonce suchsuch thatthat thethe recipierecipientnt acceptaccept themthem asas valid.valid. ProtectionProtection fromfrom replayreplay attacksattacks

AEAE implementationsimplementations
AEAE implementationsimplementations

UsuallyUsually withwith “modes”“modes” AA modemode isis aa sequencesequence ofof operationsoperations appliedapplied toto aa blockblock cipher,cipher, likelike DESDES oror AESAES Examples:Examples: CBC,CBC, ECB,ECB, CTR,CTR, …… CCMCCM andand GCMGCM provideprovide authenticatedauthenticated encryptionencryption

CBC,CBC, ECB,ECB, CTR,CTR, …… CCMCCM andand GCMGCM provideprovide authenticatedauthenticated encryptionencryption
GenericGeneric compositioncomposition ImmediateImmediate solutionsolution
GenericGeneric compositioncomposition
ImmediateImmediate solutionsolution
compositioncomposition ImmediateImmediate solutionsolution PRO:PRO: easy,easy, secure,secure, nono needneed toto

PRO:PRO: easy,easy, secure,secure, nono needneed toto developdevelop specificspecific appsapps CON:CON: notnot optimized,optimized, 22 keyskeys neededneeded forfor bestbest securitysecurity

33 waysways

MtE:MtE: MACMAC thenthen EncryptEncrypt EtM:EtM: EncryptEncrypt thenthen MACMAC E&M:E&M: EncryptEncrypt andand MACMAC

EtMEtM isis thethe bestbest

SingleSingle--passpass combinedcombined modemode 2000:2000: IBMIBM developeddeveloped IAPMIAPM ComparisonComparison
SingleSingle--passpass combinedcombined modemode
2000:2000: IBMIBM developeddeveloped IAPMIAPM
ComparisonComparison withwith genericgeneric compositioncomposition
withwith genericgeneric compositioncomposition SplitSplit thethe plaintextplaintext inin mm partsparts

SplitSplit thethe plaintextplaintext inin mm partsparts GenericGeneric composition:composition: 2m2m callscalls ofof thethe blockblock ciphercipher SingleSingle--pass:pass: aboutabout mm invocationsinvocations

ManyMany followed:followed: XCBC,XCBC, XECB,XECB, OCB,OCB, …… ThereThere isis onlyonly aa problem…problem…

OhOh no,no, IntellectualIntellectual PropertiesProperties !!!! SingleSingle--passpass modesmodes werewere allall
OhOh no,no, IntellectualIntellectual PropertiesProperties !!!!
SingleSingle--passpass modesmodes werewere allall patentedpatented
modesmodes werewere allall patentedpatented IAPMIAPM OCBOCB XECBXECB XCBCXCBC ByBy Rogaway,Rogaway,
IAPMIAPM OCBOCB XECBXECB XCBCXCBC ByBy Rogaway,Rogaway, Bellare,Bellare, Black,Black, ByBy ByBy IBMIBM GligorGligor
IAPMIAPM
OCBOCB
XECBXECB
XCBCXCBC
ByBy Rogaway,Rogaway,
Bellare,Bellare, Black,Black,
ByBy ByBy IBMIBM GligorGligor andand
DonescuDonescu andand
KrovetzKrovetz ByBy GligorGligor andand
DonescuDonescu
AsAs aa resultresult ……
AsAs aa resultresult ……

ProbablyProbably somesome ofof thethe patentspatents areare interrelatedinterrelated NobodyNobody hashas gonegone toto courtcourt toto proveprove itit (yet…)(yet…) TheThe possiblepossible usersusers ofof thesethese technologiestechnologies hashas beenbeen scaredscared byby thethe legallegal implicationsimplications TheThe researchersresearchers havehave movedmoved towardtoward otherother directionsdirections AllAll singlesingle--passpass combinedcombined modemode areare usedused byby anybody,anybody, eveneven thoughthough theythey areare thethe bestbest solutionsolution

modemode areare usedused byby anybody,anybody, eveneven thoughthough theythey areare thethe bestbest solutionsolution
TwoTwo--passpass combinedcombined modemode NotNot thatthat differentdifferent fromfrom genericgeneric
TwoTwo--passpass combinedcombined modemode
NotNot thatthat differentdifferent fromfrom genericgeneric compositioncomposition
SomeSome advantagesadvantages
compositioncomposition SomeSome advantagesadvantages UseUse ofof onlyonly oneone keykey PatentPatent freefree

UseUse ofof onlyonly oneone keykey PatentPatent freefree BetterBetter performancesperformances thanthan genericgeneric compositioncomposition

CCM,CCM, EAX,EAX, CWC,CWC, GCMGCM

CCMCCM AA briefbrief introductionintroduction
CCMCCM AA briefbrief introductionintroduction
CCMCCM
AA briefbrief introductionintroduction
WhatWhat isis CCMCCM
WhatWhat isis CCMCCM

CounterCounter withwith CBCCBC--MACMAC AnAn authenticatedauthenticated encryptionencryption solutionsolution EncryptionEncryption

solutionsolution EncryptionEncryption UseUse ofof thethe blockblock ciphercipher AESAES--128128

UseUse ofof thethe blockblock ciphercipher AESAES--128128 CounterCounter (CTR)(CTR) modemode

AuthenticationAuthentication

MACMAC computedcomputed withwith CBCCBC (Cipher(Cipher BlockBlock Chaining)Chaining)

MainMain featuresfeatures
MainMain featuresfeatures

SymmetricSymmetric keykey DesignedDesigned forfor AESAES--128128 UseUse inin packetpacket environmentenvironment (no(no streamstream data)data) ArbitraryArbitrary lengthlength MACMAC OnlyOnly oneone keykey forfor authenticationauthentication andand encryptionencryption NoNo intellectualintellectual propertyproperty restrictionsrestrictions

andand encryptionencryption NoNo intellectualintellectual propertyproperty restrictionsrestrictions
HowHow doesdoes itit workwork ?? Generation - encryption
HowHow doesdoes itit workwork ??
Generation - encryption
HowHow doesdoes itit workwork ?? (cont’d)(cont’d) Decryption - verification
HowHow doesdoes itit workwork ?? (cont’d)(cont’d)
Decryption - verification
GenerationGeneration--encryptionencryption 1.1. TheThe MACMAC (Message(Message AuthenticationAuthentication Code)Code)
GenerationGeneration--encryptionencryption
1.1. TheThe MACMAC (Message(Message AuthenticationAuthentication Code)Code) isis computedcomputed
applyingapplying CBCCBC toto thethe formattedformatted inputinput datadata
(N,(N, P,P, A)A) m1,m1, m2,m2, …,…, mxmx
(N,(N, P,P, A)A)
m1,m1, m2,m2, …,…, mxmx
GenerationGeneration--encryptionencryption (cont’d)(cont’d) 2.2. CounterCounter modemode isis appliedapplied toto
GenerationGeneration--encryptionencryption (cont’d)(cont’d)
2.2. CounterCounter modemode isis appliedapplied toto encryptencrypt datadata andand MACMAC
GenerationGeneration--encryptionencryption (cont’d)(cont’d) 3.3. OutputOutput ciphertextciphertext
GenerationGeneration--encryptionencryption (cont’d)(cont’d)
3.3. OutputOutput ciphertextciphertext

C =

MAC Payload K
MAC
Payload
K
GenerationGeneration--encryptionencryption (cont’d)(cont’d) 3.3. OutputOutput ciphertextciphertext C = MAC Payload K
DecryptionDecryption--verificationverification CounterCounter modemode decryptiondecryption ComputationComputation ofof
DecryptionDecryption--verificationverification
CounterCounter modemode decryptiondecryption
ComputationComputation ofof MACMAC withwith CBCCBC--MACMAC
(N,(N, A,A, P’)P’)
VVererifiificatcatiionon ooff autauthhententiicciityty
Output:Output: PayloadPayload // INVALIDINVALID
HardwareHardware implementationimplementation CCMCCM cannotcannot bebe parallelizedparallelized OperationsOperations
HardwareHardware implementationimplementation
CCMCCM cannotcannot bebe parallelizedparallelized
OperationsOperations toto bebe implemented:implemented:
OperationsOperations toto bebe implemented:implemented: Encryption:Encryption: hwhw implementationimplementation

Encryption:Encryption: hwhw implementationimplementation ofof AESAES ciphercipher XORXOR CounterCounter incrementincrement FormattingFormatting functionfunction

SecuritySecurity RecommendationsRecommendations
SecuritySecurity
RecommendationsRecommendations
SecuritySecurity RecommendationsRecommendations KeysKeys mustmust bebe secretsecret andand “fresh”“fresh”

KeysKeys mustmust bebe secretsecret andand “fresh”“fresh” IV:IV: 00 forfor CBCCBC--MACMAC NeverNever useuse thethe samesame noncenonce twicetwice MaxMax nn°° ofof noncenonce withwith thethe samesame key:key: 22 6161 ChooseChoose anan appropriateappropriate MACMAC lengthlength ReplayReplay attacks:attacks: useuse ofof timestampstimestamps // numbernumber packetspackets

AA possiblepossible attackattack “be“be conservativeconservative inin whatwhat youyou send,send, andand
AA possiblepossible attackattack
“be“be conservativeconservative inin whatwhat youyou send,send, andand
liberalliberal inin whatwhat youyou accept”accept”
liberalliberal inin whatwhat youyou accept”accept” 16-byte MAC 12-byte MAC 8-byte MAC 4-byte MAC 16-byte MAC
16-byte MAC 12-byte MAC 8-byte MAC 4-byte MAC
16-byte MAC
12-byte MAC
8-byte MAC
4-byte MAC

16-byte MAC

AA possiblepossible attackattack (cont’d)(cont’d) Here comes the bad guy !!
AA possiblepossible attackattack (cont’d)(cont’d)
Here comes the bad guy !!
attackattack (cont’d)(cont’d) Here comes the bad guy !! 16-byte MAC 12-byte MAC 8-byte MAC 4-byte MAC
16-byte MAC 12-byte MAC 8-byte MAC 4-byte MAC
16-byte MAC
12-byte MAC
8-byte MAC
4-byte MAC

4-byte MAC

(cont’d)(cont’d) Here comes the bad guy !! 16-byte MAC 12-byte MAC 8-byte MAC 4-byte MAC 4-byte
(cont’d)(cont’d) Here comes the bad guy !! 16-byte MAC 12-byte MAC 8-byte MAC 4-byte MAC 4-byte
(cont’d)(cont’d) Here comes the bad guy !! 16-byte MAC 12-byte MAC 8-byte MAC 4-byte MAC 4-byte
(cont’d)(cont’d) Here comes the bad guy !! 16-byte MAC 12-byte MAC 8-byte MAC 4-byte MAC 4-byte
AA possiblepossible attackattack (cont’d)(cont’d) 2 32 4-byte MAC computed
AA possiblepossible attackattack (cont’d)(cont’d)
2 32 4-byte MAC computed
AA possiblepossible attackattack (cont’d)(cont’d) 2 32 4-byte MAC computed At least one valid ciphertext !!!

At least one valid ciphertext !!!

CountermeasuresCountermeasures FixFix thethe tagtag lengthlength parameterparameter DuringDuring keykey
CountermeasuresCountermeasures
FixFix thethe tagtag lengthlength parameterparameter
DuringDuring keykey negotiationnegotiation
DuringDuring keykey negotiationnegotiation NeverNever changechange itit duringduring thethe

NeverNever changechange itit duringduring thethe currentcurrent sessionsession

GCMGCM Galois/CounterGalois/Counter ModeMode ofof operationsoperations
GCMGCM
GCMGCM

Galois/CounterGalois/Counter ModeMode ofof operationsoperations

WhatWhat isis GCMGCM -- GMACGMAC AnAn authenticatedauthenticated encryptionencryption solutionsolution
WhatWhat isis GCMGCM -- GMACGMAC
AnAn authenticatedauthenticated encryptionencryption solutionsolution
EncryptionEncryption
encryptionencryption solutionsolution EncryptionEncryption UseUse ofof thethe blockblock ciphercipher AESAES

UseUse ofof thethe blockblock ciphercipher AESAES ModeMode ofof operationoperation similarsimilar toto thethe CTRCTR

AuthenticationAuthentication

TheThe MACMAC providedprovided isis aa sortsort ofof keyedkeyed digestdigest CanCan provideprovide authenticationauthentication onlyonly →→ GMACGMAC

MainMain featuresfeatures
MainMain featuresfeatures

ExtremelyExtremely fast,fast, moremore thanthan 10Gbps10Gbps EasyEasy toto implementimplement inin softwaresoftware andand hardwarehardware CanCan bebe usedused forfor authenticationauthentication only,only, ifif desireddesired DesignedDesigned forfor AES,AES, optimizedoptimized forfor 128128 bitsbits ArbitraryArbitrary lengthlength IV,IV, optimizedoptimized forfor 9696 bitsbits OnlyOnly oneone keykey forfor authenticationauthentication andand encryptionencryption NoNo intellectualintellectual propertyproperty restrictionsrestrictions

andand encryptionencryption NoNo intellectualintellectual propertyproperty restrictionsrestrictions
AuthenticatedAuthenticated encryptionencryption functionfunction WHATWHAT ?!?!?!?!
AuthenticatedAuthenticated encryptionencryption functionfunction
WHATWHAT ?!?!?!?!
VersionVersion forfor humanhuman beingsbeings 1.1. TheThe hashhash subsub--keykey HH isis computedcomputed andand
VersionVersion forfor humanhuman beingsbeings
1.1. TheThe hashhash subsub--keykey HH isis computedcomputed andand storedstored
00000000000000000000000000000000
EncEnc KK HH
EncEnc KK
HH

00000000000000000000000000000000

00000000000000000000000000000000

00000000000000000000000000000000

00000000000000000000000000000000

00000000000000000000000000000000

00000000000000000000000000000000

00000000000000000000000000000000

VersionVersion forfor humanhuman beingsbeings 2.2. TheThe IVIV lengthlength isis checkedchecked
VersionVersion forfor humanhuman beingsbeings
2.2. TheThe IVIV lengthlength isis checkedchecked

2.2. TheThe IVIV lengthlength isis checkedchecked IfIf it’sit’s 9696 bitsbits isis paddedpadded toto

IfIf it’sit’s 9696 bitsbits isis paddedpadded toto 128128 IfIf it’sit’s differentdifferent isis computedcomputed aa 128128 bitbit IVIV usingusing aa specialspecial functionfunction (GHASH)(GHASH) TheThe IVIV isis thethe startingstarting valuevalue ofof thethe countercounter

VersionVersion forfor humanhuman beingsbeings 3.3. EncryptionEncryption
VersionVersion forfor humanhuman beingsbeings
3.3.
EncryptionEncryption
VersionVersion forfor humanhuman beingsbeings 4.4. AuthenticationAuthentication GF(2GF(2 128128 ))
VersionVersion forfor humanhuman beingsbeings
4.4.
AuthenticationAuthentication
GF(2GF(2 128128 ))
HardwareHardware implementationimplementation
HardwareHardware implementationimplementation

TheThe onlyonly wayway toto managemanage moremore thanthan 10Gbps10Gbps GCMGCM cancan bebe parallelizedparallelized OperationsOperations toto bebe implemented:implemented:

OperationsOperations toto bebe implemented:implemented: Encryption:Encryption: hwhw implementationimplementation

Encryption:Encryption: hwhw implementationimplementation ofof AESAES ciphercipher XORXOR IncrementIncrement ofof thethe countercounter MultiplicationMultiplication withinwithin GF(2GF(2 128128 ))

HardwareHardware implementationimplementation
HardwareHardware implementationimplementation
TheThe multiplicationmultiplication inin GF(2GF(2 qq )) DifferentDifferent approachesapproaches ParallelParallel
TheThe multiplicationmultiplication inin GF(2GF(2 qq ))
DifferentDifferent approachesapproaches
ParallelParallel
Serial:Serial: supersuper serial,serial, bitbit serial,serial, etcetc
supersuper serial,serial, bitbit serial,serial, etcetc SerialSerial solutionssolutions TimeTime andand areaarea

SerialSerial solutionssolutions

TimeTime andand areaarea linearlinear withwith qq

ParallelParallel solutionsolution

Time:Time: 11 clockclock cyclecycle Area:Area: quadraticquadratic withwith q,q, butbut onlyonly 30%30% ofof AESAES ciphercipher

GOGO PARALLEL,PARALLEL, BOYS!BOYS!

SecuritySecurity RecommendationsRecommendations
SecuritySecurity
RecommendationsRecommendations
SecuritySecurity RecommendationsRecommendations Keys:Keys: secretsecret andand “fresh”“fresh” IV:IV:

Keys:Keys: secretsecret andand “fresh”“fresh” IV:IV: probabilityprobability ofof usingusing samesame IVIV andand keykey << 22 --3232 KnownKnown securitysecurity problemproblem withwith reusedreused IVsIVs AppropriateAppropriate tagtag lengthlength ReplayReplay attacks:attacks: useuse ofof timestampstimestamps

Oracles Oracles PermutationPermutation oracleoracle OutputsOutputs randomrandom numbernumber ofof PRFPRF TheThe
Oracles
Oracles
PermutationPermutation oracleoracle
OutputsOutputs randomrandom numbernumber ofof PRFPRF
TheThe PRFPRF representrepresent anan encryptedencrypted messagemessage
DistinguishingDistinguishing advantageadvantage
Oracles Oracles TagTag--generationgeneration oracleoracle
Oracles
Oracles
TagTag--generationgeneration oracleoracle
Oracles Oracles TagTag--generationgeneration oracleoracle Input:Input: aa messagemessage Output:Output: aa

Input:Input: aa messagemessage Output:Output: aa validvalid tagtag

TaTagg--validationvalidation oracleoracle

Input:Input: aa messagemessage andand aa tagtag Output:Output: isis thethe tagtag correctcorrect forfor thethe givengiven message?message?

ForgeryForgery advantageadvantage

CTRCTR knownknown issueissue HelloHello world,world, thisthis isis me,me, lifelife shouldshould bebe funfun forfor
CTRCTR knownknown issueissue
HelloHello world,world,
thisthis isis me,me,
lifelife shouldshould bebe
funfun forfor everyoneeveryone
72dd0294rth%p72dd0294rth%p
29sj!5z/k=p29sj!5z/k=p
akd'^3sddG#/ap5akd'^3sddG#/ap5
97;7*h2?375ba+?997;7*h2?375ba+?9
72dd0272dd023&F7j3&F7j%p%p 29sj!5z/k=p29sj!5z/k=p akd'^3sddG#/ap5akd'^3sddG#/ap5
72dd0272dd023&F7j3&F7j%p%p
29sj!5z/k=p29sj!5z/k=p
akd'^3sddG#/ap5akd'^3sddG#/ap5
97;7*h2?375ba+?997;7*h2?375ba+?9

HelloHello SarahSarah,, thisthis isis me,me, lifelife shouldshould bebe funfun forfor everyoneeveryone

BewareBeware !!
BewareBeware !!

AttackerAttacker withwith accessaccess toto aa tagtag--generationgeneration oracleoracle IfIf IVsIVs areare notnot changedchanged thethe outputoutput willwill bebe functionfunction ofof thethe hashhash subsub--keykey HH AnalAnalyyzinzingg thethe resultinresultingg tataggss thethe attackerattacker couldcould recoverrecover HH WithWith HH hehe cancan generategenerate validvalid authenticationauthentication tags,tags, thusthus pretendingpretending toto bebe youryour friendfriend !!

validvalid authenticationauthentication tags,tags, thusthus pretendingpretending toto bebe youryour friendfriend !!
SolutionSolution ThisThis attackattack isis possiblepossible onlyonly ifif youyou useuse atat leastleast twicetwice
SolutionSolution
ThisThis attackattack isis possiblepossible onlyonly ifif youyou useuse atat leastleast
twicetwice thethe samesame keykey withwith thethe samesame IVIV
youyou useuse atat leastleast twicetwice thethe samesame keykey withwith thethe samesame IVIV NEVERNEVER DODO THAT!THAT!

NEVERNEVER DODO THAT!THAT!

ReferencesReferences
ReferencesReferences

NISTNIST SpecialSpecial PublicationPublication 800800--38C38C (CCM)(CCM) NISTNIST SpecialSpecial PublicationPublication 800800--38D38D (GCM)(GCM) AuthenticatedAuthenticated EncryptionEncryption (J.(J. Black)Black) AA CritiqueCritique ofof CCMCCM (P.(P. Rogaway,Rogaway, D.D. Wagner)Wagner) OnOn TheThe SecuritySecurity ofof CTRCTR ++ CBCCBC--MACMAC (J.(J. Jonsson)Jonsson) CCounterounter wwiitthh CBCCBC--MACMAC ((DD WhiWhittiing,ng, RR HHousouslley,ey, NN FFerguson)erguson)

WhiWhittiing,ng, RR HHousouslley,ey, NN FFerguson)erguson) FlexibleFlexible andand EfficientEfficient MessageMessage

FlexibleFlexible andand EfficientEfficient MessageMessage AuthenticationAuthentication inin HardwHardwareare andand SoftwareSoftware (D.(D. A.A. McGrew,McGrew, J.J. Viega)Viega)

TheThe SecuritySecurity andand PerformancePerformance ofof thethe Galois/CounterGalois/Counter ModeMode (GCM)(GCM) ofof OperationOperation (D.(D. A.A. McGrew,McGrew, J.J. Viega)Viega)

www.wikipedia.orgwww.wikipedia.org

QQuesuestitionsons ??
QQuesuestitionsons ??

QQuesuestitionsons ??