AES-GCM

E31669

AEAD scheme authenticated encryption mode block cipher mode of operation

AES-GCM is an authenticated encryption mode of the Advanced Encryption Standard that provides both data confidentiality and integrity, widely used in modern network and security protocols.

Jump to: Surface forms Statements Referenced by

Observed surface forms (1)

Surface form	Occurrences
Advanced Encryption Standard Galois/Counter Mode	1

Statements (52)

Predicate	Object
instanceOf	AEAD scheme ⓘ authenticated encryption mode ⓘ block cipher mode of operation ⓘ
AADDescription	additional authenticated data is integrity-protected but not encrypted ⓘ
authenticationOperation	polynomial hash in GF(2^128) ⓘ
blockSize	128-bit ⓘ
ciphertextExpansion	authentication tag length ⓘ
definedInSection	NIST SP 800-38D ⓘ surface form: NIST SP 800-38D Section 6
designedFor	high-speed hardware implementation ⓘ high-speed software implementation ⓘ
encryptionOperation	AES in counter mode ⓘ
fullName	AES-GCM self-linksurface differs ⓘ surface form: Advanced Encryption Standard Galois/Counter Mode
hasProperty	parallelizable authentication ⓘ parallelizable encryption ⓘ
isPreferredOver	AES-CBC-HMAC in many protocols ⓘ
isRecommendedBy	IETF for many modern protocols ⓘ
isVulnerableTo	catastrophic failure on nonce reuse ⓘ
providesProperty	authenticity ⓘ confidentiality ⓘ integrity ⓘ
publishedBy	National Institute of Standards and Technology ⓘ surface form: NIST
recommendedIVLength	96-bit ⓘ
requiresNonceUniqueness	true ⓘ
securityDependsOn	AES block cipher security ⓘ nonce uniqueness ⓘ
standardizedIn	NIST SP 800-38D ⓘ
supportsAAD	true ⓘ
supportsKeySize	128-bit ⓘ 192-bit ⓘ 256-bit ⓘ
supportsTagLength	104-bit ⓘ 112-bit ⓘ 120-bit ⓘ 128-bit ⓘ 32-bit ⓘ 64-bit ⓘ 96-bit ⓘ
tagComputation	GHASH over ciphertext and AAD ⓘ
usedInProtocol	HTTP/2 ⓘ IPsec ⓘ QUIC ⓘ SSH ⓘ RFC 5246 ⓘ surface form: TLS 1.2 RFC 8446 ⓘ surface form: TLS 1.3
usedInStandard	Wi‑Fi Protected Access ⓘ surface form: IEEE 802.11 wireless security IEEE 802.1AE MACsec standard ⓘ surface form: IEEE 802.1AE MACsec
usesCipher	Advanced Encryption Standard ⓘ surface form: AES
usesComponent	Galois field multiplication ⓘ
usesField	GF(2^128) ⓘ
usesMode	counter mode ⓘ
usesNonce	initialization vector ⓘ
yearStandardized	2007 ⓘ

Referenced by (2)

Full triples — surface form annotated when it differs from this entity's canonical label.

AES-GCM → fullName → AES-GCM self-linksurface differs ⓘ

this entity surface form: Advanced Encryption Standard Galois/Counter Mode

IEEE 802.1AE MACsec standard → uses → AES-GCM ⓘ

subject surface form: IEEE 802.1AE