AES 256 GCM
Symmetric-key algorithm: the same key (or keys derivable from one another) is used by both sender and receiver to encrypt and decrypt
Block cipher: a deterministic algorithm that operates on fixed-length groups of bits called blocks
Counter Mode:
- The key and the IV (nonce) appended with a counter increasing from 0 to N form a keystream of blocks \(E_K(Nonce + counter_0), \ldots, E_K(Nonce + counter_N)\)
- The encryption of the i-th nonce + counter block is XORed with plaintext block \(i\) to produce ciphertext block \(i\)
- The IV is used so that an attacker cannot guess the counter inputs
- No padding is required: the last partial keystream block is XORed with the last partial plaintext block
- Any partial keystream block left over from the previous TCP segment is used for the next one
- Both the keystream blocks and the plaintext (the TCP byte stream) are treated as streams
GCM:
- Similar to counter mode, but the ciphertext (XOR of the encrypted counter with the plaintext) is used as the coefficients of a polynomial evaluated at \(H\) to form the auth tag (i.e. \(AD * H^N + C_1 * H^{N-1} + C_2 * H^{N-2} \ldots\))
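Added example (not from the original notes): the GHASH polynomial above computed in pure Python with Horner's rule over GF(2^128), and the tag assembled as GHASH XOR E_K(J0). H and E_K(J0) are taken from NIST GCM test case 2 (AES-128, zero key) because AES itself is not implemented here; GHASH does not depend on key size. The demo also shows that a single flipped ciphertext bit yields a different tag, which is what the receiver's tag check detects.

```python
# GHASH and GCM tag assembly over GF(2^128), following NIST SP 800-38D.
import hmac

R = 0xE1 << 120          # reduction constant for x^128 + x^7 + x^2 + x + 1 (GCM bit order)
ONE = 1 << 127           # multiplicative identity in GCM's reflected bit order

def gf_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (SP 800-38D, Algorithm 1)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:   # bit 0 is the most significant bit in GCM
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def _blocks(data: bytes):
    """Split into 16-byte blocks, zero-padding the final partial block."""
    for i in range(0, len(data), 16):
        yield int.from_bytes(data[i:i + 16].ljust(16, b"\x00"), "big")

def ghash(h: int, aad: bytes, ct: bytes) -> int:
    """Horner evaluation of AD*H^n + ... + C_k*H^2 + LEN*H, with H = E_K(0^128)."""
    x = 0
    for blk in list(_blocks(aad)) + list(_blocks(ct)):
        x = gf_mul(x ^ blk, h)
    lengths = ((len(aad) * 8) << 64) | (len(ct) * 8)   # two 64-bit bit-lengths
    return gf_mul(x ^ lengths, h)

def gcm_tag(h: int, ek_j0: int, aad: bytes, ct: bytes) -> bytes:
    """Tag = GHASH ^ E_K(J0); J0 is the counter block before the first increment."""
    return (ghash(h, aad, ct) ^ ek_j0).to_bytes(16, "big")

def tag_matches(expected: bytes, actual: bytes) -> bool:
    return hmac.compare_digest(expected, actual)   # constant-time comparison

# NIST GCM test case 2 (AES-128, zero key, zero IV). H and E_K(J0) are AES
# outputs copied from the test vector; AES is not implemented in this block.
H_TC2 = int("66e94bd4ef8a2c3b884cfa59ca342b2e", 16)
EKJ0_TC2 = int("58e2fccefa7e3061367f1d57a4e7455a", 16)
CT_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
TAG_TC2 = bytes.fromhex("ab6e47d42cec13bdf53a67b21257bddf")

def demo() -> tuple:
    """Returns (tag verifies on the genuine ciphertext, tampering is detected)."""
    good = tag_matches(TAG_TC2, gcm_tag(H_TC2, EKJ0_TC2, b"", CT_TC2))
    flipped = bytes([CT_TC2[0] ^ 0x01]) + CT_TC2[1:]   # one-bit ciphertext change
    caught = not tag_matches(TAG_TC2, gcm_tag(H_TC2, EKJ0_TC2, b"", flipped))
    return good, caught

if __name__ == "__main__":
    print(demo())   # (True, True)
```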
AES:
- 256-bit blocks
- Steps:
  - Key Expansion (AES key schedule): AES-256 requires 30 rounds of expansion from the cipher key
  - Initial round key addition: each byte of the state (the plaintext block) is XORed with the round key
  - 13 rounds of:
    - SubBytes: each byte is replaced with another from a static lookup table
    - ShiftRows: bytes are cyclically shifted
    - MixColumns:
    - AddRoundKey
  - Final round (no MixColumns):
    - SubBytes
    - ShiftRows
    - AddRoundKey