Talk:Galois/Counter Mode

From Wikipedia, the free encyclopedia

The performance section should include the initialization cost. If the figure on this page is accurate, there would be one additional block cipher operation, and two more GF mults. Also, if the size of the IV is not 96 bits, you have to compute a GHASH.

The number will depend on the deinition of the initialization and the architecture of the overall system. One more cipher operation might be necessary to calculate H. Dimawik 01:25, 31 August 2006 (UTC)

[edit] Block cipher?

Does GCM need a block cipher or will a stream cipher work as well? It doesn't seem to require invertability of the underlying cipher to decrypt packets. Is this necessary for any of the security proofs? 198.205.32.94 13:32, 29 August 2006 (UTC)

Effectively, it is just using the cipher in CTR mode. I don't know why off hand you can't use a stream cipher. Though through things like SP800-38D [iirc] it's being specified in the context of using AES. 209.217.122.41 16:06, 24 January 2007 (UTC) Tom St Denis