It is well-known that AES-GCM requires the IV to be unique for each message that is encrypted with the same key. If the IV ever repeats, with the same key, then AES-GCM fails catastrophically. Now, what if we used a fixed IV (e.g. all zeros), but instead used a new random AES key for each message? The random (per-message) AES key could be "wrapped" (e.g. via RFC 3394) using a single master key. The "wrapped" message key would then be prefixed to the AES-GCM-encrypted message. This allows the receiver to "unwrap" the message key, by using the master key, and then decrypt the AES-GCM-encrypted message as usual, with the fixed IV and message key.
Of course, now the random message key must not repeat, I suppose. But with a random 256-Bit AES key such repeats are much less likely than with a 96-Bit IV, right? Using a proper CRNG.
Is this a feasible concept?
Note: Much unlike AES-GCM-SIV, this does not require to process the entire message twice and, therefore, it does not require to buffer the entire message in memory.
This is slightly similar to but not a duplicate of, because they don't use key wrapping:
AES CBC with unique key per message, but fixed IV
(here the key is not a pseudo-random function of the message)
