Aes 256 Gcm

1 minute read


Symmetric-key algorithm: same / transformable keys are used to both encrypt and decrypt by the sender and the receiver

Block Cipher: a deterministic algorithm that operates on a fixed-length of bits called blocks

Counter Mode:

  • The key and the IV (nonce) appended with a counter increasing from 0 to N to form a key stream of blocks \(E_K(Nonce + counter_0),...,E_K(Nonce + counter_N)\)
  • The output of the encrypted ith nonce + counter will be xored with the plain text block \(i\) to create cipher block \(i\)
  • IV is used to make sure the attacker will not be able to guess the counters
  • Does not require padding as the last partial block will be XORed with the last partial plaintext
  • Any partial block from the previous TCP segment will be used
    • Streams of keystream blocks and plaintext (TCP byte stream)


  • Similar to counter mode but the cipher text (XOR of encrypted counted with plain text) will be used as coefficients of polynomial for auth tag (ie \(AD * H^N + C_1 * H^{N-1} + C_2 * H^{N-2}...\))


  • 256 bit blocks
  • Steps:
    1. Key Expansion: AES key schedule:
      • AES 256 requires 30 round of expansions from the cipher key
    2. Initial round key addition: each byte of the state (plain text) is XORed with the round key
    3. 13 Rounds of:
      1. SubBytes: each byte is replaced with another from a static lookup table
      2. Shift row steps:bytes are cyclically shifted
      3. MixColumns:
      4. AddRoundKey
    4. Final Round:
      1. SubBytes
      2. ShiftRows
      3. AddRoundKey