Re: About the GHASH in GCM mode
From: Chih-Hsu Yen (wismanyen_at_itri.org.tw)
Date: 11/10/05
- In reply to: tomstdenis_at_gmail.com: "Re: About the GHASH in GCM mode"
- Next in thread: tomstdenis_at_gmail.com: "REPOST: Re: About the GHASH in GCM mode"
Date: Thu, 10 Nov 2005 11:42:48 +0800
<tomstdenis@gmail.com> wrote in message news:1131024601.440040.68190@o13g2000cwo.googlegroups.com...
>
> Chih-Hsu Yen wrote:
>> Dear all:
>> In the GCM (Galois/Counter mode), the GHASH appears twice,
>> GHASH(H,{},IV) and GHASH(H,A,C).
>> In the GCM spec., http://csrc.nist.gov/CryptoToolkit/modes/proposedmodes/gcm/gcm-revised-spec.pdf
>> Only GHASH(H,A,C) is described. How does GHASH(H,{},IV) work?
>> If it works as well as GHASH(H,A,C), then it is not consistent with
>> Figure 1.
>
> Um, it's the same thing you just don't have AAD data in the mix. There
> are open source implementations of GCM if you google for them you'll
> see.
>
> Tom
>
If both operations are the same, does GHASH(H,{},IV) also operate as
many times as GHASH(H,A,C), that is m+n+1, or a number of times according to the
length of IV?
The initial counter Y_0 is obtained by either IV||0^{31}1 or GHASH(H,{},IV),
according to its bit length. However, if the bit length of IV is larger than 128
or less than 128, then how does one compute the Galois multiplication with H in
GHASH?
Wisman
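
Added example, not part of the original post and not code from the GCM spec: a Python sketch of GHASH and the Y_0 derivation for different IV lengths, counting the multiplications by H. The function names are my own, IVs are assumed to be whole bytes, and `H_ZERO_KEY` is the hash subkey for the all-zero AES-128 key taken from the spec's test cases 1 and 2.

```python
# H = E(K, 0^128) for the all-zero AES-128 key (GCM spec test cases 1-2).
H_ZERO_KEY = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
R = 0xE1 << 120  # x^128 + x^7 + x^2 + x + 1 in GCM's reflected bit order

def gf_mult(x: int, y: int) -> int:
    """Multiply in GF(2^128); GCM bit 0 is the most significant integer bit."""
    z, v = 0, x
    for i in range(128):
        if (y >> (127 - i)) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def blocks(data: bytes):
    """Yield 128-bit blocks; a short final block is zero-padded on the right."""
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\0"), "big")

def ghash(h: bytes, a: bytes, c: bytes):
    """Return (GHASH(H, A, C), number of multiplications by H)."""
    hk, x, mults = int.from_bytes(h, "big"), 0, 0
    # Final block is len(A) || len(C), each as a 64-bit bit count.
    length_block = ((8 * len(a)) << 64) | (8 * len(c))
    for blk in [*blocks(a), *blocks(c), length_block]:
        x = gf_mult(x ^ blk, hk)
        mults += 1
    return x.to_bytes(16, "big"), mults

def derive_y0(h: bytes, iv: bytes):
    """Return (Y_0, multiplications used) for a byte-aligned IV."""
    if not iv:
        raise ValueError("IV must not be empty")
    if len(iv) == 12:                      # 96-bit IV: no GHASH at all
        return iv + b"\x00\x00\x00\x01", 0
    return ghash(h, b"", iv)               # any other length, 128 bits included

if __name__ == "__main__":
    for iv in (bytes(12), bytes(8), bytes(16), bytes(60)):  # constructed IVs
        y0, mults = derive_y0(H_ZERO_KEY, iv)
        print(f"{8 * len(iv):4d}-bit IV: {mults} multiplications, Y_0 = {y0.hex()}")
```

With A empty, GHASH(H,{},IV) performs ceil(len(IV)/128) + 1 multiplications, and the length block is what keeps a short IV distinct from the same IV with explicit zero padding.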