AES-GCM-SIV
AES-GCM-SIV implementations (128 and 256 bit)
Code implementations that correspond to the CFRG submission "AES-GCM-SIV: Nonce Misuse-Resistant Authenticated Encryption".
The specification draftwas posted on https://datatracker.ietf.org/doc/draft-irtf-cfrg-gcmsiv/. Authors:
Shay Gueron, University of Haifa and Intel Corporation
Adam Langley, Google
Yehuda Lindell, Bar Ilan University
Additional information
The AES-GCM-SIV specification was described in:
• S. Gueron, A. Langley and Y. Lindell. AES-GCM-SIV: Specification and Analysis. Cryptology ePrint Archive, Report 2017/168, 2017.
(http://eprint.iacr.org/2017/168.pdf)
The scientific justification behind the AES-GCM-SIV mode of operation is detailed in the following papers:
• S. Gueron and Y. Lindell. GCM-SIV: Full Nonce Misuse-Resistant Authenticated Encryption at Under One Cycle per Byte. In the 22nd ACM CCS, pages 109-119, 2015. (http://eprint.iacr.org/2015/102.pdf)
• S. Gueron and Y. Lindell. Better Bounds for Block Cipher Modes of Operation via Nonce-Based Key Derivation. In the 24th ACM CCS, pages 1019-1036, 2017. (http://eprint.iacr.org/2017/702.pdf)
Software License
Copyright (c) 2016, Shay Gueron
Permission to use this code for AES-GCM-SIV is granted.