๐Galois/Counter Mode (GCM) and GMAC
- Encryption is the same as Counter (CTR) mode of operation mode but adds Galois field multiplication to compute message authentication code.
- MAC algorithm
- encrypt 128 bits of zeros, run through GHASH
- xor/ghash with non-encrypted AD (Authentication Data) (optional)
- xor/ghash with ciphertext
- xor/ghash with concatenated length of AD (64 bit) and Plaintext (64 bit)
- finally, xor with encrypted initialization vector + counter 0
- the result is authentication tag
- GHASH is a multiplication (in Galois Field) by H (= E_k(0^128) ) (encrypted zeros)