I am wondering does AES-GCM which uses Authenticated Encryption provide us with all 3 properties (Authenticity, Confidentiality, and Integrity), or does it not provide integrity?
Asked
Active
Viewed 1,480 times
1 Answers
3
AES-GCM (Galois Counter Mode) internally uses AES in CTR mode that can provide confidentiality and at most Ind-CPA security. AES-GCM also uses GHASH to provide integrity and authentication like any secure MAC.
In the end, AES-GCM constitutes an authenticated encryption (AE) mode with Associated Data ( AEAD).
One should be careful when using AES-GCM since there are many pitfalls and if you want to use it use AES-GCM-SIV which is safe from IV-reuse problems.
Keep in mind that the authentication is here mutual authentication ( both parties has the same right on the authentication, and should not be confused with the digital signature that can provide non-repudiation.
| Hash | MACs | Digital signatures | |
|---|---|---|---|
| Integrity | Yes | Yes | yes |
| Authentication | No | Yes | Yes |
| Non-Repuditiation | No | No | Yes |
kelalaka
- 49,797
- 12
- 123
- 211