
I'm new to GCM and I need to implement it in hardware, using an FPGA. The data bus is 640 bits, so I will use 5 adder/multiplier blocks in parallel. The message size and AAD size are constant. My design has a particularity: the AAD and Len A||C are available only at the end of the message, and I don't know how to process them.

A little example: message = 5 x 640 bits.

cycle 1: process 640 bits (add/multiply)
cycle 2: process 640 bits (add/multiply)
cycle 3: process 640 bits (add/multiply)
cycle 4: process 640 bits (add/multiply)
cycle 5: process 640 bits (add/multiply) and xor all results
cycle 6: process AAD
cycle 7: process Len A||C

After cycle 5 I have a 128-bit vector with all the messages added/multiplied and the results XORed. So, how can I process the AAD and Len A||C in this scenario?

Thanks Rodolfo

yyyyyyy
Rods

1 Answer

BouncyCastle (for Java) has code that performs the AAD processing anywhere in the stream. It does, however, require modular exponentiation and additional multiplication. GCM mode officially requires the AAD to be processed before the plaintext, but, as stated, there is a way around that. I've asked for an explanation here.

Len A||C is only required at the end of the processing anyway, so that should not pose a problem.

Maarten Bodewes
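The identity behind the answer, worked through for the asker's datapath as an added example (this is not code from the question, the answer, or BouncyCastle). GHASH is a polynomial evaluation, Y = sum of B_i · H^(N-i+1) over the blocks A || C || Len, so the ciphertext part can be accumulated first, the AAD part computed when it arrives, and the two merged with one extra multiplication by H^m (m = number of ciphertext blocks), which is the "modular exponentiation and additional multiplication" the answer refers to. The same polynomial view also gives the 5-lane accumulation from the question: lanes multiply by H^5 between rows and by H^5 ... H^1 in the last row before being XORed. Assumed here: 128-bit blocks held as big-endian Python ints, 5 lanes for the 640-bit bus, constant AAD and message sizes so that H^5 and H^m are precomputed once per key, and the hash subkey H and ciphertext taken from the GCM spec's published test case 2 so the serial reference can be pinned to a known value.

```python
"""Deferred-AAD GHASH on a lane-parallel datapath.

Added example, not code from the question, the answer or BouncyCastle.
Assumed: blocks are 128-bit ints read big-endian (GCM bit 0 = int MSB);
LANES = 5 mirrors the 640-bit bus; AAD and message lengths are constant,
so H^LANES and H^m are computed once per key, as a hardware design would.
"""
BLOCK, LANES = 16, 5
R = 0xE1 << 120    # x^128 + x^7 + x^2 + x + 1 in GCM's bit order
ONE = 1 << 127     # multiplicative identity in that bit order

def gf_mult(x, y):
    """GF(2^128) multiply, NIST SP 800-38D Algorithm 1 (bit-serial)."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:         # x_i, x_0 being the leftmost bit
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def gf_pow(h, e):
    """H^e by square-and-multiply (the answer's 'modular exponentiation')."""
    result, base = ONE, h
    while e:
        if e & 1:
            result = gf_mult(result, base)
        base = gf_mult(base, base)
        e >>= 1
    return result

def to_blocks(data):
    """128-bit ints, zero-padding a trailing partial block as GHASH does."""
    data += b"\x00" * (-len(data) % BLOCK)
    return [int.from_bytes(data[i:i + BLOCK], "big") for i in range(0, len(data), BLOCK)]

def length_block(aad, ciphertext):
    """[len(A)]64 || [len(C)]64, lengths in bits."""
    return ((len(aad) * 8) << 64) | (len(ciphertext) * 8)

def ghash_serial(h, aad, ciphertext):
    """Reference GHASH in the mandated order: A, then C, then the lengths."""
    y = 0
    for b in to_blocks(aad) + to_blocks(ciphertext) + [length_block(aad, ciphertext)]:
        y = gf_mult(y ^ b, h)
    return y

def poly_parallel(h, blocks, lanes=LANES):
    """sum_{i=1..N} B_i * H^(N-i+1) with `lanes` multipliers working per row.

    Row t hands block t*lanes+j to lane j.  Lanes multiply by H^lanes between
    rows; on the final row lane j multiplies by H^(lanes-j) and the lane
    results are XORed (the question's cycle 5).  Leading zero blocks do not
    change the sum, so a count that is not a multiple of `lanes` is front-padded.
    """
    blocks = [0] * (-len(blocks) % lanes) + blocks
    rows = len(blocks) // lanes
    h_lanes = gf_pow(h, lanes)                              # precomputed per key
    final = [gf_pow(h, lanes - j) for j in range(lanes)]    # H^lanes ... H^1
    acc = [0] * lanes
    for t in range(rows):
        mult = final if t == rows - 1 else [h_lanes] * lanes
        for j in range(lanes):
            acc[j] = gf_mult(acc[j] ^ blocks[t * lanes + j], mult[j])
    y = 0
    for a in acc:
        y ^= a
    return y

def ghash_deferred_aad(h, aad, ciphertext, lanes=LANES):
    """GHASH when the AAD only shows up after the last message block.

    Unrolling the serial recurrence: Y = YA*H^(m+1) + YC*H + L*H, with
    YA = poly(A), YC = poly(C), m = number of ciphertext blocks.  So hash C
    first, hash A when it arrives, lift YA over the m ciphertext blocks with
    one multiply by H^m (constant per key here), XOR in YC and L, times H.
    """
    c_blocks = to_blocks(ciphertext)
    y_c = poly_parallel(h, c_blocks, lanes)             # the asker's value after cycle 5
    y_a = poly_parallel(h, to_blocks(aad), lanes)       # cycle 6: AAD through the same lanes
    h_m = gf_pow(h, len(c_blocks))                      # precomputed: m is constant
    merged = gf_mult(y_a, h_m) ^ y_c ^ length_block(aad, ciphertext)   # cycle 7
    return gf_mult(merged, h)

# GCM spec test case 2, copied from the published vectors (K = 0^128, IV = 0^96,
# P = 0^128, no AAD): H = AES_K(0^128), C = AES_K(counter 2), and the listed GHASH.
H_TC2 = 0x66E94BD4EF8A2C3B884CFA59CA342B2E
C_TC2 = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")
GHASH_TC2 = 0xF38CBB1AD69223DCC3457AE5B6B0F885

def known_answer_ok():
    """Pins the field arithmetic and the serial reference to a published value."""
    return ghash_serial(H_TC2, b"", C_TC2) == GHASH_TC2

if __name__ == "__main__":
    aad = bytes(range(48))                                # constructed: 3 AAD blocks
    msg = bytes((7 * i + 3) & 0xFF for i in range(400))   # constructed: 5 x 640 bits
    assert known_answer_ok()
    assert ghash_deferred_aad(H_TC2, aad, msg) == ghash_serial(H_TC2, aad, msg)
    print("deferred-AAD GHASH matches the serial reference")
```

In hardware terms, the only additions to the asker's cycle plan are one stored constant H^m (alongside the H^5 ... H^1 the lanes already need) and one extra multiplication to lift the AAD result before it is XORed into the ciphertext result; the length block needs nothing special because it is always the last term. If the AAD or message size ever changed, H^m (and, for the lanes, the front padding) would have to be recomputed, which is why the constant sizes in the question matter.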