AES GCM ALGORITHM

INPUT:
IV (12 Bytes)
AAD (A) (zero-padded to a multiple of 128 bits)
Plain text (P) (zero-padded to a multiple of 128 bits)
Encryption key (16 Bytes)
[len(A)]_64 || [len(C)]_64

Steps:
1. C = GCTR_K(P||0s);
2. S = GHASH((A||0s), (C||0s));
3. E = IV||00000000 encrypted by AES with Ek, then XORed with S;
4. T = MSB_t(E)

OUTPUT:
Cipher text C (Plain text length)
Authentication tag T (12 Bytes)

GCTR - CIPHER TEXT:
INPUT:
IV (12 Bytes)
Plain text P (zero-padded to a multiple of 128 bits)
Encryption key Ek (16 Bytes)

Steps:
ICB = IV || 4-byte counter
n = len(P)/128
P = X1||X2||X3||...||Xn (each 128 bits)
1. ICB1 = IV||00000001 is encrypted by AES with Ek, and the result is XORed with X1 of the plain text.
2. ICB2 = IV||00000002 is encrypted by AES with Ek, and the result is XORed with X2 of the plain text.
3. ICBn = IV||0000000n is encrypted by AES with Ek, and the result is XORed with Xn of the plain text.
   This step is repeated n times.
4. The sequence of results is concatenated to form the output.
5. C = MSB_len(P) of the output, i.e. the leftmost len(P) bits of the output.

OUTPUT:
Cipher text C (Plain text length)

GHASH CALCULATION:

INPUT:
AAD (A) (zero-padded to a multiple of 128 bits)
Cipher text (C) (zero-padded to a multiple of 128 bits)
[len(A)]_64 || [len(C)]_64
H = CIPH_K(0^128)

X = (A||0s) || (C||0s) || [len(A)]_64 || [len(C)]_64; m = len(X)/128
X = X1||X2||X3||...||Xm
H^2 = H·H; H^3 = H·H·H;

GHASH = X1·H^m ⊕ X2·H^(m-1) ⊕ ... ⊕ Xm-1·H^2 ⊕ Xm·H

OUTPUT:
GHASH (16 bytes)

POLYNOMIAL MULTIPLICATION:
Carry-less multiplication (instead of adding, XOR the partial results)
Reflected(A) · Reflected(B) = Reflected(A · B) >> 1
Mod (x^128 + x^7 + x^2 + x + 1)
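
Added example (not part of the original notes): the GHASH calculation and the carry-less multiplication above, written bit by bit in Python. It evaluates GHASH both in the usual running form and in the power-sum form X1·H^m ⊕ ... ⊕ Xm·H so the two can be compared. The function names are illustrative; H and C are values from the published GCM test vectors for the all-zero 128-bit key and IV.

```python
# Added example: GHASH over GF(2^128) in GCM's bit order (leftmost bit = x^0).
R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1 in that bit order

def gf_mult(x: int, y: int) -> int:
    """Carry-less multiply of two 128-bit blocks, reduced mod the GCM polynomial."""
    z, v = 0, y
    for i in range(127, -1, -1):               # walk x from its leftmost bit
        if (x >> i) & 1:
            z ^= v                             # partial products are XORed, not added
        v = (v >> 1) ^ R if v & 1 else v >> 1  # v = v * x, reduced when a bit falls off
    return z

def pad(data: bytes) -> bytes:
    """Zero-pad to a multiple of 128 bits (16 bytes)."""
    return data + b"\x00" * (-len(data) % 16)

def blocks(aad: bytes, ct: bytes) -> list:
    """X = (A||0s) || (C||0s) || [len(A)]_64 || [len(C)]_64, split into X1..Xm."""
    lengths = (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    x = pad(aad) + pad(ct) + lengths           # lengths are counted in bits
    return [int.from_bytes(x[i:i + 16], "big") for i in range(0, len(x), 16)]

def ghash_horner(h: int, aad: bytes, ct: bytes) -> int:
    """Running form: Y = (Y xor Xi) * H for each block in order."""
    y = 0
    for xi in blocks(aad, ct):
        y = gf_mult(y ^ xi, h)
    return y

def ghash_powers(h: int, aad: bytes, ct: bytes) -> int:
    """Power-sum form: X1*H^m xor X2*H^(m-1) xor ... xor Xm*H."""
    acc, hp = 0, h                             # hp runs through H, H^2, H^3, ...
    for xi in reversed(blocks(aad, ct)):
        acc ^= gf_mult(xi, hp)
        hp = gf_mult(hp, h)
    return acc

# Published test vector values: all-zero key and IV, one all-zero plaintext block.
H = 0x66e94bd4ef8a2c3b884cfa59ca342b2e         # H = CIPH_K(0^128)
C = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")

if __name__ == "__main__":
    print(f"{ghash_horner(H, b'', C):032x}")
    print(f"{ghash_powers(H, b'', C):032x}")
```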