AES-GCM

E31669

AES-GCM is an authenticated encryption mode of the Advanced Encryption Standard that provides both data confidentiality and integrity, widely used in modern network and security protocols.

All labels observed (5)

How this entity was disambiguated

Statements (52)

Predicate Object
instanceOf AEAD scheme
authenticated encryption mode
block cipher mode of operation
AADDescription additional authenticated data is integrity-protected but not encrypted
authenticationOperation polynomial hash in GF(2^128)
blockSize 128-bit
ciphertextExpansion authentication tag length
definedInSection NIST SP 800-38D
surface form: NIST SP 800-38D Section 6
designedFor high-speed hardware implementation
high-speed software implementation
encryptionOperation AES in counter mode
fullName AES-GCM self-linksurface differs
surface form: Advanced Encryption Standard Galois/Counter Mode
hasProperty parallelizable authentication
parallelizable encryption
isPreferredOver AES-CBC-HMAC in many protocols
isRecommendedBy IETF for many modern protocols
isVulnerableTo catastrophic failure on nonce reuse
providesProperty authenticity
confidentiality
integrity
publishedBy National Institute of Standards and Technology
surface form: NIST
recommendedIVLength 96-bit
requiresNonceUniqueness true
securityDependsOn AES block cipher security
nonce uniqueness
standardizedIn NIST SP 800-38D
supportsAAD true
supportsKeySize 128-bit
192-bit
256-bit
supportsTagLength 104-bit
112-bit
120-bit
128-bit
32-bit
64-bit
96-bit
tagComputation GHASH over ciphertext and AAD
usedInProtocol HTTP/2
IPsec
QUIC
SSH
RFC 5246
surface form: TLS 1.2

RFC 8446
surface form: TLS 1.3
usedInStandard Wi‑Fi Protected Access
surface form: IEEE 802.11 wireless security

IEEE 802.1AE MACsec standard
surface form: IEEE 802.1AE MACsec
usesCipher Advanced Encryption Standard
surface form: AES
usesComponent Galois field multiplication
usesField GF(2^128)
usesMode counter mode
usesNonce initialization vector
yearStandardized 2007

How these facts were elicited

Referenced by (7)

Full triples — surface form annotated when it differs from this entity's canonical label.

IEEE 802.1AE MACsec standard uses AES-GCM
subject surface form: IEEE 802.1AE
AES-GCM fullName AES-GCM self-linksurface differs
this entity surface form: Advanced Encryption Standard Galois/Counter Mode
NIST SP 800-38D title AES-GCM
this entity surface form: Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC
NIST SP 800-38D subject AES-GCM
this entity surface form: Galois/Counter Mode
NIST SP 800-38D defines AES-GCM
this entity surface form: Galois/Counter Mode of operation
AES-Poly1305 relatedTo AES-GCM
AES-CCM relatedTo AES-GCM