Aes 256 Gcm
AES 256 GCM
Symmetric-key algorithm: same / transformable keys are used to both encrypt and decrypt by the sender and the receiver
Block Cipher: a deterministic algorithm that operates on a fixed-length of bits called blocks
Counter Mode:
- The key and the IV (nonce) appended with a counter increasing from 0 to N to form a key stream of blocks \(E_K(Nonce + counter_0),...,E_K(Nonce + counter_N)\)
- The output of the encrypted ith nonce + counter will be xored with the plain text block \(i\) to create cipher block \(i\)
- IV is used to make sure the attacker will not be able to guess the counters
- Does not require padding as the last partial block will be XORed with the last partial plaintext
- Any partial block from the previous TCP segment will be used
- Streams of keystream blocks and plaintext (TCP byte stream)
GCM:
- Similar to counter mode but the cipher text (XOR of encrypted counted with plain text) will be used as coefficients of polynomial for auth tag (ie $$AD * H^N + C_1 * H^{N-1} + C_2 * H^{N-2}…$)
AES:
- 256 bit blocks
- Steps:
- Key Expansion: AES key schedule:
- AES 256 requires 30 round of expansions from the cipher key
- Initial round key addition: each byte of the state (plain text) is XORed with the round key
- 13 Rounds of:
- SubBytes: each byte is replaced with another from a static lookup table
- Shift row steps:bytes are cyclically shifted
- MixColumns:
- AddRoundKey
- Final Round:
- SubBytes
- ShiftRows
- AddRoundKey
- Key Expansion: AES key schedule: